Abstract. The intuitionistic fragment of the call-by-name version of Curien and Herbelin's $\bar\lambda\mu\tilde\mu$-calculus is isolated and proved strongly normalising by means of an embedding into the simply-typed $\lambda$-calculus. Our embedding is a continuation-and-garbage-passing style translation, the inspiring idea coming from Ikeda and Nakazawa's translation of Parigot's $\lambda\mu$-calculus. The embedding strictly simulates reductions while usual continuation-passing-style transformations erase permutative reduction steps. For our intuitionistic sequent calculus, we even only need "units of garbage" to be passed. We apply the same method to other calculi, namely successive extensions of the simply-typed $\lambda$-calculus leading to our intuitionistic system, and already for the simplest extension we consider ($\lambda$-calculus with generalised application), this yields the first proof of strong normalisation through a reduction-preserving embedding. The results obtained extend to second and higher-order calculi.
1. Introduction



CPS (continuation-passing style) translations are a tool with several theoretical uses. One of them is an interpretation between languages with different type systems or logical infrastructure, possibly with corresponding differences at the level of program constructors and computational behavior. Examples are when the source language (but not the target language): (i) allows permutative conversions, possibly related to connectives like disjunction [6]; (ii) is a language for classical logic, usually with control operators [13] [HI [20]; (iii) is a language for type theory [H [2] (extending (ii) to variants of pure type systems that have dependent types and polymorphism).

This article is about CPS translations for intuitionistic sequent calculi. The source and 
the target languages will differ neither in the reduction strategy (they will be both call-by- 
name) nor at the types/logic (they will be both based on intuitionistic implicational logic); 
instead, they will differ in the structural format of the type system: the source is in the 
sequent calculus format (with cut and left introduction) whereas the target is in the natural 
deduction format (with elimination/application). From a strictly logical point of view, this 
seems a new proof-theoretical use for double-negation translations. 

Additionally, we insist that our translations strictly simulate reduction. This is a strong requirement, not present, for instance, in the concept of reflection of [34]. It seems to have been intended by [T], however does not show up in the journal version [2]. But it is, nevertheless, an eminently useful requirement if one wants to infer strong normalisation of the source calculus from strong normalisation of the simply-typed $\lambda$-calculus, as we do. In order to achieve strict simulation, we define continuation-and-garbage passing style (CGPS) translations, following an idea due to Ikeda and Nakazawa [20]. Garbage will provide room for observing reduction where continuation-passing alone would inevitably produce an identification, leading to failure of strict simulation in several published proofs for variants of operationalized classical logic, noted by [29] (the problem being $\beta$-reductions under vacuous $\mu$-abstractions). As opposed to [20], in our intuitionistic setting garbage can be reduced to "units", and garbage reduction is simply erasing a garbage unit.

The main system we translate is the intuitionistic fragment of the call-by-name restriction of the $\bar\lambda\mu\tilde\mu$-calculus [5], here named $\lambda J^{mse}$. The elaboration of this system is interesting on its own. We provide a CPS and a CGPS translation for $\lambda J^{mse}$. We also consider other intuitionistic calculi, whose treatment can be easily derived from the results for $\lambda J^{mse}$. Among these is included, for instance, the $\lambda$-calculus with generalised application. For all these systems a proof of strong normalisation through a reduction-preserving embedding into the simply-typed $\lambda$-calculus is provided for the first time.

The article is an extended version of the conference contribution of the same authors [12]. It is organized as follows: Section 2 presents $\lambda J^{mse}$. Section 3 compares $\lambda J^{mse}$ with other systems, and obtains as a by-product confluence of $\lambda J^{mse}$. Section 4 deals with the C(G)PS translation of $\lambda J^{mse}$ and its subsystems. Section 5 extends the results to systems F, and intuitionistic higher-order logic. Section 6 compares this work with related work and concludes.



2. An intuitionistic sequent calculus

In this section, we define and identify basic properties of the calculus $\lambda J^{mse}$. A detailed explanation of the connection between $\lambda J^{mse}$ and $\bar\lambda\mu\tilde\mu$ is left to the next section.
There are three classes of expressions in $\lambda J^{mse}$:

$$
\begin{array}{lrcl}
\text{(Terms)} & t, u, v & ::= & x \mid \lambda x.t \mid \{c\} \\
\text{(Co-terms)} & l & ::= & [\,] \mid u :: l \mid (x)c \\
\text{(Commands)} & c & ::= & tl
\end{array}
$$

Terms can be variables (of which we assume a denumerable set ranged over by letters $x$, $y$, $z$), lambda-abstractions $\lambda x.t$ or coercions $\{c\}$ from commands to terms. A value is a term which is either a variable or a lambda-abstraction. We use letter $V$ to range over values.

Co-terms provide means of forming lists of arguments, generalised arguments [21], or explicit substitutions. A co-term of the form $(x)c$ binds variable $x$ in $c$ and provides the generalised application facility. Operationally it can be thought of as "substitute for $x$ in $c$". A co-term of the form $[\,]$ or $u :: l$ is called an evaluation context and is denoted by $E$. An evaluation context of the form $u :: l$ allows for multiary applications, and when passed to a term it indicates that after consumption of argument $u$ computation should carry on with arguments in $l$. $[\,]$ marks the end of an evaluation context and compensates the impossibility of writing $(x)x$.

A command $tl$ has a double role: if $l$ is of the form $(x)c$, $tl$ is an explicit substitution; otherwise, $tl$ is a general form of application.

In writing expressions, sometimes we add parentheses to help their parsing. Also, we 
assume that the scope of binders \x and (x) extends as far as possible. Usually we write 
only one A for multiple abstraction. 

In what follows, we reserve letter $T$ ("term in a large sense") for arbitrary expressions. We write $x \notin T$ if $x$ does not occur free in $T$. Substitution $[t/x]T$ of a term $t$ for all free occurrences of a variable $x$ in $T$ is defined as expected, where it is understood that bound variables are chosen so that no variable capture occurs.

$$
\begin{array}{ll}
[t/x]x = t & [t/x][\,] = [\,] \\
[t/x]y = y \ \text{ if } x \neq y & [t/x](u :: l) = [t/x]u :: [t/x]l \\
[t/x](\lambda y.u) = \lambda y.[t/x]u & [t/x]((y)c) = (y)[t/x]c \\
[t/x]\{c\} = \{[t/x]c\} & [t/x](ul) = [t/x]u\,[t/x]l
\end{array}
$$

Evidently, syntactic classes are respected by substitution, i.e., $[t/x]u$ is a term, $[t/x]l$ is a co-term and $[t/x]c$ is a command.

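The calculus $\lambda J^{mse}$ has a form of sequent for each class of expressions:

$$
\Gamma \vdash t : A \qquad \Gamma \mid l : A \vdash B \qquad \Gamma \xrightarrow{\;c\;} B
$$

A version of $\lambda J^{mse}$ with implicit coercions would be possible but to the detriment of the clarity, in particular, of the reduction rule $\epsilon$ below.

Figure 1: Typing rules of $\lambda J^{mse}$

$$
\dfrac{}{\Gamma \mid [\,] : A \vdash A}\;LAx
\qquad
\dfrac{}{\Gamma, x : A \vdash x : A}\;RAx
$$

$$
\dfrac{\Gamma \vdash u : A \quad \Gamma \mid l : B \vdash C}{\Gamma \mid u :: l : A \supset B \vdash C}\;LIntro
\qquad
\dfrac{\Gamma, x : A \vdash t : B}{\Gamma \vdash \lambda x.t : A \supset B}\;RIntro
$$

$$
\dfrac{\Gamma, x : A \xrightarrow{\;c\;} B}{\Gamma \mid (x)c : A \vdash B}\;LSel
\qquad
\dfrac{\Gamma \xrightarrow{\;c\;} A}{\Gamma \vdash \{c\} : A}\;RSel
$$

$$
\dfrac{\Gamma \vdash t : A \quad \Gamma \mid l : A \vdash B}{\Gamma \xrightarrow{\;tl\;} B}\;Cut
$$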

Letters $A, B, C$ are used to range over the set of types (= formulas), built from a base set of type variables (ranged over by $X$) using the function type (that we write $A \supset B$). In sequents, contexts $\Gamma$ are viewed as finite sets of declarations $x : A$, where no variable $x$ occurs twice. The context $\Gamma, x : A$ is obtained from $\Gamma$ by adding the declaration $x : A$, and will only be written if this yields again a valid context, i.e., if $x$ is not declared in $\Gamma$. Similarly, $\Gamma, \Delta$ is the union of $\Gamma$ and $\Delta$, and assumes that the sets of variables declared in $\Gamma$ and $\Delta$ are disjoint. We can think of a term (resp. co-term) as an annotation for a selected formula in the rhs (resp. lhs). Commands annotate sequents generated as a result of logical cuts, where there is no selected formula on the rhs or lhs; as such we write them on top of the sequent arrow.

The typing rules of $\lambda J^{mse}$ are presented in Figure 1, stressing the parallel between left and right rules.

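The following other forms of cut are admissible as typing rules for substitution for each class of expressions:

$$
\dfrac{\Gamma \vdash t : A \quad \Gamma, x : A \vdash u : B}{\Gamma \vdash [t/x]u : B}
\qquad
\dfrac{\Gamma \vdash t : A \quad \Gamma, x : A \mid l : B \vdash C}{\Gamma \mid [t/x]l : B \vdash C}
$$

$$
\dfrac{\Gamma \vdash t : A \quad \Gamma, x : A \xrightarrow{\;c\;} B}{\Gamma \xrightarrow{\;[t/x]c\;} B}
$$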

We also have the usual weakening rules: If a sequent with context $\Gamma$ is derivable and $\Gamma$ is replaced by a context $\Gamma'$ that is a superset of $\Gamma$, then also this sequent is derivable.
We consider the following base reduction rules on expressions:

$$
\begin{array}{llll}
(\beta) & (\lambda x.t)(u :: l) \to u((x)tl) & (\mu) & (x)xl \to l, \text{ if } x \notin l \\
(\pi) & \{tl\}E \to t(l@E) & (\epsilon) & \{t[\,]\} \to t \\
(\sigma) & t(x)c \to [t/x]c &
\end{array}
$$

where, in general, $l@l'$ is a co-term that represents an "eager" concatenation of $l$ and $l'$ viewed as lists, and is defined as follows:

$$
[\,]@l' = l' \qquad (u :: l)@l' = u :: (l@l') \qquad ((x)tl)@l' = (x)t(l@l')
$$

The one-step reduction relation $\to$ is inductively defined as the term closure of the reduction rules, by adding the following closure rules to the above initial cases of $\to$:

$$
\begin{array}{l}
t \to t' \implies \lambda x.t \to \lambda x.t', \quad tl \to t'l, \quad t :: l \to t' :: l, \\
l \to l' \implies u :: l \to u :: l', \quad tl \to tl', \\
c \to c' \implies (x)c \to (x)c', \quad \{c\} \to \{c'\}.
\end{array}
$$

The reduction rules $\beta$, $\pi$ and $\sigma$ are relations on commands. The reduction rule $\mu$ (resp. $\epsilon$) is a relation on co-terms (resp. terms). Rules $\beta$ and $\sigma$ generate and execute an explicit substitution, respectively. Rule $\pi$ appends fragmented co-terms, bringing the term $t$ of the $\pi$-redex $\{tl\}E$ closer to root position. Also, notice here the restricted form of the outer co-term $E$. This restriction characterizes call-by-name reduction [5]. A $\mu$-reduction step that is not at the root has necessarily one of two forms: (i) $t(x)xl \to tl$, which is the execution of a linear substitution; (ii) $u :: (x)xl \to u :: l$, which is the simplification of a generalised argument. Rule $\mu$ undoes the sequence of inference steps consisting in un-selecting a formula and giving it the name $x$, followed by immediate selection of the same formula. The proviso $x \notin l$ guarantees that no contraction was involved. Finally, rule $\epsilon$ erases an empty list under $\{\_\}$. Notice that empty lists are important under $(x)$. Another view of $\epsilon$ is as a way of undoing a sequence of two coercions: the "coercion" of a term $t$ to a command immediately followed by coercion to a term. By the way, $\{c\}[\,] \to c$ is a $\pi$-reduction step. Most of these rules have genealogy: see Section 3.2.

The $\beta\pi\sigma$-normal forms are obtained by constraining commands to one of the two forms $V[\,]$ or $x(u :: l)$, where $V, u, l$ are $\beta\pi\sigma$-normal values, terms and co-terms respectively. The $\beta\pi\sigma\epsilon$-normal forms are obtained by requiring additionally that, in coercions $\{c\}$, $c$ is of the form $x(u :: l)$ (where $u, l$ are $\beta\pi\sigma\epsilon$-normal terms and co-terms respectively). $\beta\pi\sigma\epsilon$-normal forms correspond to the multiary normal forms of [35]. If we further impose $\mu$-normality as in 05|, then co-terms of the form $(x)x(u :: l)$ obey to the additional restriction that $x$ occurs either in $u$ or $l$.

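Subject reduction holds for $\to$, i.e., the following rules are admissible:

$$
\dfrac{\Gamma \vdash t : A \quad t \to t'}{\Gamma \vdash t' : A}
\qquad
\dfrac{\Gamma \mid l : A \vdash B \quad l \to l'}{\Gamma \mid l' : A \vdash B}
\qquad
\dfrac{\Gamma \xrightarrow{\;c\;} B \quad c \to c'}{\Gamma \xrightarrow{\;c'\;} B}
$$

This fact is established with the help of the admissible rules for typing substitution and with the help of yet another admissible form of cut for typing the append operator:

$$
\dfrac{\Gamma \mid l : A \vdash B \quad \Gamma \mid l' : B \vdash C}{\Gamma \mid l@l' : A \vdash C}
$$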

We offer now a brief analysis of critical pairs in $\lambda J^{mse}$.

Concatenation is "eager" in the sense that, in the last case, the right-hand side is not $(x)\{tl\}l'$ but, in the only important case that $l'$ is an evaluation context $E$, its $\pi$-reduct. One immediately verifies $l@[\,] = l$ and $(l@l')@l'' = l@(l'@l'')$ by induction on $l$. Associativity would not hold with the lazy version of @. Nevertheless, one would get that the respective left-hand side reduces in at most one $\pi$-step to the right-hand side.

For higher-order rewrite systems, see the formal definition in [27].

There is a self-overlap of $\pi$ ($\{\{tl\}E'\}E$), there are overlaps between $\pi$ and any of $\beta$ ($\{(\lambda x.t)(u :: l)\}E$), $\sigma$ ($\{t(x)c\}E$) and $\epsilon$ (the latter in two different ways from and Finally, $\mu$ overlaps with $\sigma$ in two different ways from $t(x)xl$ for $x \notin l$ and $(x)(x(y)c)$ for $x \notin c$. The last four critical pairs are trivial in the sense that both reducts are identical. Also the other critical pairs are joinable in the sense that both terms have a common $\to^*$-reduct. We only show this for the first case: $\{tl\}E' \to t(l@E')$ by $\pi$, hence also

$$
\{\{tl\}E'\}E \to \{t(l@E')\}E =: L.
$$

On the other hand, a direct application of $\pi$ yields

$$
\{\{tl\}E'\}E \to \{tl\}(E'@E) =: R.
$$

Thus the critical pair consists of the terms $L$ and $R$. $L \to t((l@E')@E)$ and $R \to t(l@(E'@E))$, hence $L$ and $R$ are joinable by associativity of @.

We remark that the first three critical pairs (like the one just shown) are of a particularly simple nature: The forking term is of the form $\{c\}E$ with $c$ any of the command redexes, i.e., a left-hand side of $\beta$, $\pi$ or $\sigma$. The $L$ term is obtained by reducing $c$ to the respective right-hand side $c'$ of that rule, and the $R$ term comes from applying $\pi$ at the root. Since $c'$ is again a command, $L = \{c'\}E$ can be reduced by $\pi$ to a term $L'$. The decisive feature of @ is that $R \to L'$ by an instance of the rule $c \to c'$ where the co-term part $l$ of $c = tl$ is replaced by $l@E$.

Since the critical pairs are joinable, the relation $\to$ is locally confluent [27]. Thus, from Corollary 4.5 below and Newman's Lemma, $\to$ is confluent on typable terms. Confluence on all terms is proved in the next section.
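The definitions of this section can be run directly. The following is an added example, not code from the paper: it implements substitution, the eager append @, the five base rules and their term closure, and replays the self-overlap of the π rule. The tagged-tuple encoding and all function names are assumptions of the example.

```python
import itertools

# Encoding assumed for this example (tagged tuples, variable names as strings):
#   terms     ("var", x) | ("lam", x, t)  | ("coerce", c)    x, \x.t, {c}
#   co-terms  ("nil",)   | ("cons", u, l) | ("sel", x, c)    [], u::l, (x)c
#   commands  ("cut", t, l)                                  tl
_fresh = itertools.count()

def fv(e):
    """Free variables of a term, co-term or command."""
    if e[0] == "var":
        return {e[1]}
    if e[0] in ("lam", "sel"):
        return fv(e[2]) - {e[1]}
    return set().union(*(fv(c) for c in e[1:]))    # nil, coerce, cons, cut

def rename(x, body, avoid):
    """Rename binder x in body when it clashes with a name in avoid.
    Assumes generated names such as 'x_0' are not already in use."""
    if x not in avoid:
        return x, body
    z = f"{x}_{next(_fresh)}"
    return z, subst(("var", z), x, body)

def subst(t, x, e):
    """Capture-avoiding substitution [t/x]e."""
    if e[0] == "var":
        return t if e[1] == x else e
    if e[0] in ("lam", "sel"):
        if e[1] == x:                              # x is shadowed by this binder
            return e
        y, body = rename(e[1], e[2], fv(t))
        return (e[0], y, subst(t, x, body))
    return (e[0],) + tuple(subst(t, x, c) for c in e[1:])

def append(l, l2):
    """Eager concatenation l@l2, by recursion on l."""
    if l[0] == "nil":
        return l2
    if l[0] == "cons":
        return ("cons", l[1], append(l[2], l2))
    x, c = rename(l[1], l[2], fv(l2))              # ((x)tl)@l2 = (x)t(l@l2)
    return ("sel", x, ("cut", c[1], append(c[2], l2)))

def root_step(e):
    """Contract e if e itself is a redex; otherwise return None."""
    tag = e[0]
    if tag == "cut":
        t, l = e[1], e[2]
        if t[0] == "lam" and l[0] == "cons":               # beta
            x, body = rename(t[1], t[2], fv(l[2]))
            return ("cut", l[1], ("sel", x, ("cut", body, l[2])))
        if t[0] == "coerce" and l[0] in ("nil", "cons"):   # pi, only against E
            return ("cut", t[1][1], append(t[1][2], l))
        if l[0] == "sel":                                  # sigma
            return subst(t, l[1], l[2])
    if tag == "sel" and e[2][1] == ("var", e[1]) and e[1] not in fv(e[2][2]):
        return e[2][2]                                     # mu
    if tag == "coerce" and e[1][2] == ("nil",):
        return e[1][1]                                     # epsilon
    return None

def step(e):
    """One reduction step, outermost redex first, or None if e is normal."""
    r = root_step(e)
    if r is not None:
        return r
    for i, child in enumerate(e):
        if isinstance(child, tuple):
            r = step(child)
            if r is not None:
                return e[:i] + (r,) + e[i + 1:]
    return None

def normalize(e, fuel=10_000):
    """Iterate step; fuel guards against untypable, non-terminating input."""
    for _ in range(fuel):
        r = step(e)
        if r is None:
            return e
        e = r
    raise RuntimeError("no normal form within fuel")

def pi_fork(t, l, E1, E):
    """Both reducts (L, R) of the pi self-overlap {{tl}E1}E."""
    inner = ("cut", ("coerce", ("cut", t, l)), E1)         # {tl}E1
    L = ("cut", ("coerce", root_step(inner)), E)           # inner pi-redex first
    R = root_step(("cut", ("coerce", inner), E))           # pi at the root first
    return L, R
```

With `l`, `E1` and `E` three one-element argument lists, `pi_fork` returns two distinct commands whose normal forms coincide with `t(l@(E1@E))`, which is the joinability argument given above.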

3. Comparison with other systems 

In this section we show that $\lambda J^{mse}$ can be generated "from above" - being the intuitionistic fragment of the call-by-name restriction of Curien and Herbelin's $\bar\lambda\mu\tilde\mu$-calculus; and "from below" - being the end-point of a spectrum of successively more general intuitionistic systems, starting from the ordinary $\lambda$-calculus. This latter result, by showing that the systems in the spectrum are subsystems of $\lambda J^{mse}$, will allow us to adapt easily the result about $\lambda J^{mse}$ to (new) results about its subsystems. In addition, we will obtain, as a by-product, a proof of confluence for $\lambda J^{mse}$ even for the untypable terms.

3.1. $\lambda J^{mse}$ as the intuitionistic fragment of CBN $\bar\lambda\mu\tilde\mu$. After a recapitulation of a call-by-name version of $\bar\lambda\mu\tilde\mu$-calculus, we restrict it to the intuitionistic case and rediscover $\lambda J^{mse}$.

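3.1.1. The call-by-name $\bar\lambda\mu\tilde\mu$-calculus. Here, we recall the Curien and Herbelin's $\bar\lambda\mu\tilde\mu$-calculus [5]. More precisely, we only consider implication (i.e., we do not include the subtraction connective) and we present the call-by-name restriction of the system.

Expressions are either terms, co-terms or commands and are defined by the following grammar:

$$
t, u, v ::= x \mid \lambda x.t \mid \mu a.c \qquad e ::= a \mid u :: e \mid \tilde\mu x.c \qquad c ::= \langle t | e \rangle
$$

Variables (resp. co-variables) are ranged over by $x, y, z$ (resp. $a, b, c$). An evaluation context $E$ is a co-term of the form $a$ or $u :: e$.

Figure 2: Typing rules of CBN $\bar\lambda\mu\tilde\mu$

$$
\dfrac{}{\Gamma \mid a : A \vdash a : A, \Delta}\;LAx
\qquad
\dfrac{}{\Gamma, x : A \vdash x : A \mid \Delta}\;RAx
$$

$$
\dfrac{\Gamma \vdash u : A \mid \Delta \quad \Gamma \mid e : B \vdash \Delta}{\Gamma \mid u :: e : A \supset B \vdash \Delta}\;LIntro
\qquad
\dfrac{\Gamma, x : A \vdash t : B \mid \Delta}{\Gamma \vdash \lambda x.t : A \supset B \mid \Delta}\;RIntro
$$

$$
\dfrac{c : (\Gamma, x : A \vdash \Delta)}{\Gamma \mid \tilde\mu x.c : A \vdash \Delta}
\qquad
\dfrac{c : (\Gamma \vdash a : A, \Delta)}{\Gamma \vdash \mu a.c : A \mid \Delta}
$$

$$
\dfrac{\Gamma \vdash t : A \mid \Delta \quad \Gamma \mid e : A \vdash \Delta}{\langle t | e \rangle : (\Gamma \vdash \Delta)}\;Cut
$$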

There is one kind of sequent per each syntactic class:

$$
\Gamma \vdash t : A \mid \Delta \qquad \Gamma \mid e : A \vdash \Delta \qquad c : (\Gamma \vdash \Delta)
$$

Typing rules are given in Figure 2.

There are 6 substitution operations altogether:

$$
[t/x]c \qquad [t/x]u \qquad [t/x]e \qquad [e/a]c \qquad [e/a]u \qquad [e/a]e'
$$

We consider 5 reduction rules:

$$
\begin{array}{llll}
(\beta) & \langle \lambda x.t | u :: e \rangle \to \langle u | \tilde\mu x.\langle t | e \rangle \rangle & (\tilde\mu) & \tilde\mu x.\langle x | e \rangle \to e, \text{ if } x \notin e \\
(\pi) & \langle \mu a.c | E \rangle \to [E/a]c & (\mu) & \mu a.\langle t | a \rangle \to t, \text{ if } a \notin t \\
(\sigma) & \langle t | \tilde\mu x.c \rangle \to [t/x]c &
\end{array}
$$

These are the reductions considered by Polonovski in [33], with three provisos. First, the $\beta$-rule for the subtraction connective is not included. Second, in the $\pi$-rule, the co-term involved is an evaluation context $E$; this is exactly what characterizes the call-by-name restriction of $\bar\lambda\mu\tilde\mu$ [5]. Third, the naming of the rules is non-standard. Curien and Herbelin (and Polonovski as well) name rules $\pi$ and $\sigma$ as $\mu$, $\tilde\mu$, respectively. The name $\mu$ has moved to the rule called se in [33]. By symmetry, the rule called sv by Polonovski is now called $\tilde\mu$. The reason for this change is explained below by the spectrum of systems in Section 3.2: the rule we now call $\pi$ (resp. $\tilde\mu$) is the most general form of the rule with the same name in the system $\lambda J$ (resp. $\lambda J^{m}$), and therefore its name goes back to [21] (resp. [10], actually back to [35]).



3.1.2. The intuitionistic fragment of CBN $\bar\lambda\mu\tilde\mu$. The following description is in the style of Section 2.13 of Herbelin's habilitation thesis [18].

Let $*$ be a fixed co-variable. The intuitionistic terms, co-terms and commands are generated by the grammar

$$
\begin{array}{lrcl}
\text{(Terms)} & t, u, v & ::= & x \mid \lambda x.t \mid \mu{*}.c \\
\text{(Co-terms)} & e & ::= & * \mid u :: e \mid \tilde\mu x.c \\
\text{(Commands)} & c & ::= & \langle t | e \rangle
\end{array}
$$

Figure 3: A spectrum of intuitionistic calculi [diagram relating the calculi of the spectrum; region labels: Sequent Calculus, Natural Deduction]

Terms have no free occurrences of co-variables. Each co-term or command has exactly one free occurrence of $*$. Sequents are restricted to have exactly one formula in the RHS. Therefore, they have the particular forms $\Gamma \vdash t : A$, $\Gamma \mid e : A \vdash * : B$ and $c : (\Gamma \vdash * : B)$. We omit writing the intuitionistic typing rules. Reduction rules read as for $\bar\lambda\mu\tilde\mu$, except for $\pi$ and $\mu$:

$$
(\pi)\ \ \langle \mu{*}.c | E \rangle \to [E/*]c \qquad (\mu)\ \ \mu{*}.\langle t | * \rangle \to t
$$

Since $* \notin t$, $[E/*]t = t$. Let us spell out $[E/*]c$ and $[E/*]e$.

$$
\begin{array}{ll}
[E/*]\langle t | e \rangle = \langle t | [E/*]e \rangle & [E/*](u :: e) = u :: [E/*]e \\
[E/*]{*} = E & [E/*](\tilde\mu x.c) = \tilde\mu x.[E/*]c
\end{array}
$$

If we define rule $\pi$ as $\langle \mu{*}.\langle t | e \rangle | E \rangle \to \langle t | [E/*]e \rangle$ and $[E/*](\tilde\mu x.\langle t | e \rangle) = \tilde\mu x.\langle t | [E/*]e \rangle$ we can avoid using $[E/*]c$ altogether.

The $\lambda J^{mse}$-calculus is obtained from the intuitionistic fragment as a mere notational variant. The co-variable $*$ disappears from the syntax. The co-term $*$ is written $[\,]$. $\{c\}$ is the coercion of a command to a term, corresponding to $\mu{*}.c$. This coercion is what remains of the $\mu$ binder in the intuitionistic fragment. Since there is no $\mu$, there is little sense for the notation $\tilde\mu$. So we write $(x)c$ instead of $\tilde\mu x.c$. Reduction rule $\mu$ now reads $\{t[\,]\} \to t$ and is renamed as $\epsilon$. Sequents $\Gamma \mid e : A \vdash * : B$ and $c : (\Gamma \vdash * : B)$ are written $\Gamma \mid e : A \vdash B$ and $\Gamma \xrightarrow{\;c\;} B$. Co-terms are ranged over by $l$ (instead of $e$) and thought of as generalised lists. Finally, $[E/*]l$ is written $l@E$.

3.2. A spectrum of intuitionistic calculi. The calculus $\lambda J^{mse}$ can also be explained as the end product of successive extensions of the simply-typed $\lambda$-calculus through several intuitionistic calculi, as illustrated in Fig. 3, which includes both natural deduction systems and sequent calculi other than $\lambda J^{mse}$.

Each extension step adds both a new feature and a reduction rule to the preceding calculus. The following table summarizes these extensions.



calculus         | reduction rules | feature added
$\lambda$        | $\beta$         |
$\lambda J$      |                 | generalised application
$\lambda J^{m}$  |                 | multiarity
$\lambda J^{ms}$ |                 | explicit substitution
                 |                 | empty lists of arguments



The scheme for naming systems and reduction rules intends to be systematic (and in particular explains the name $\lambda J^{mse}$).

The path between the two end-points of this spectrum visits and organizes systems known from the literature. $\lambda J$ is a variant of the calculus $\Lambda J$ of [21]. $\lambda J^{m}$ is a variant of

Figure 4: Typing rules of $\lambda J$

$$
\dfrac{}{\Gamma, x : A \vdash x : A}\;Ax
\qquad
\dfrac{\Gamma, x : A \vdash t : B}{\Gamma \vdash \lambda x.t : A \supset B}\;Intro
$$

$$
\dfrac{\Gamma \vdash t : A \supset B \quad \Gamma \vdash u : A \quad \Gamma, x : B \vdash v : C}{\Gamma \vdash t(u, x.v) : C}\;GApp
$$

the system in |10j . AJ™**^ is studied in under the name X^^^. This path is by no means 
unique. Other intermediate systems could have been visited (like the multiary $\lambda$-calculus $\lambda^{m}$, named $\lambda Ph$ in [10]), had the route been a different one, i.e., had the different new features been added in a different order. The reader is referred to the literature for the specific motivations underlying the introduction of the intermediate systems $\lambda J$, $\lambda J^{m}$, and $\lambda J^{ms}$. Here, their interest lies in being the successive systems obtained by the addition, in a specific order, of the features exhibited by $\lambda J^{mse}$.

Each system $\mathcal{L} \in \{\lambda J, \lambda J^{m}, \lambda J^{ms}\}$ embeds in the system immediately after it in this spectrum, in the sense of allowing a mapping that strictly simulates reduction. Hence, strong normalisation is inherited from $\lambda J^{mse}$ all the way down to $\lambda J$. Also, each $\mathcal{L} \in \{\lambda J, \lambda J^{m}, \lambda J^{ms}\}$ has, by composition, an embedding $g_{\mathcal{L}}$ in $\lambda J^{mse}$. Let us see all this with some detail.



3.2.1. $\lambda J$-calculus. The terms of $\lambda J$ are generated by the grammar:

$$
t, u, v ::= x \mid \lambda x.t \mid t(u, x.v)
$$

Construction $t(u, x.v)$ is called generalised application. Following [21], $(u, x.v)$ is called a generalised argument; they will be denoted by the letters $R$ and $S$. Typing rules for $x$ and $\lambda x.t$ are as usual, and the new rule is that of generalised application, given in Figure 4.
Reduction rules are as in [21], except that $\pi$ is defined in the "eager" way:

$$
(\beta)\ \ (\lambda x.t)(u, y.v) \to [[u/x]t/y]v \qquad (\pi)\ \ tRS \to t(R@S)
$$

where the generalised argument $R@S$ is defined by recursion on $R$:

$$
(u, x.V)@S = (u, x.VS) \qquad (u, x.tR')@S = (u, x.t(R'@S)),
$$

for $V$ a value, i.e., a variable or a $\lambda$-abstraction. The operation @ is associative, which allows to join the critical pair of $\pi$ with itself as before for $\lambda J^{mse}$. The other critical pair stems from the interaction of $\beta$ and $\pi$ and is joinable as well.

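Strong normalisation of typable terms immediately follows from that of $\Lambda J$ in [22], but in the present article, we even get an embedding into $\lambda$.

Although we won't use it, we recall the embedding $J : \lambda \to \lambda J$ just for completeness:

$$
\begin{array}{rcl}
J(x) & = & x \\
J(\lambda x.t) & = & \lambda x.J(t) \\
J(tu) & = & J(t)(J(u), x.x)
\end{array}
$$

Figure 5: Typing rules of $\lambda J^{m}$

$$
\dfrac{}{\Gamma, x : A \vdash x : A}\;Ax
\qquad
\dfrac{\Gamma \vdash t : A \supset B \quad \Gamma \vdash u : A \quad \Gamma \mid l : B \vdash C}{\Gamma \vdash t(u, l) : C}\;GMApp
$$

$$
\dfrac{\Gamma \vdash u : A \quad \Gamma \mid l : B \vdash C}{\Gamma \mid u :: l : A \supset B \vdash C}
\qquad
\dfrac{\Gamma, x : A \vdash t : B}{\Gamma \vdash \lambda x.t : A \supset B}
$$

$$
\dfrac{\Gamma, x : A \vdash v : B}{\Gamma \mid (x)v : A \vdash B}\;Sel
$$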

3.2.2. $\lambda J^{m}$-calculus. We offer now a new, lighter, presentation of the system in [10]. The expressions of $\lambda J^{m}$ are given by the grammar:

$$
\text{(Terms)}\ \ t, u, v ::= x \mid \lambda x.t \mid t(u, l) \qquad \text{(Co-terms)}\ \ l ::= u :: l \mid (x)v
$$

The application $t(u, l)$ is both generalised and multiary. Multiarity is the ability of forming a chain of arguments, as in $t(u_1, u_2 :: u_3 :: (x)v)$. By the way, this term is written $t(u_1, u_2 :: u_3 :: [\,], (x)v)$ in the syntax of [10]. There are two kinds of sequents: $\Gamma \vdash t : A$ and $\Gamma \mid l : A \vdash B$. Typing rules are given in Figure 5.

We re-define reduction rules of [10] in this new syntax. Rule $\mu$ can now be defined as a relation on co-terms. Rule $\pi$ is changed to the "eager" version, using letters $R$ and $S$ for generalised arguments, i.e., elements of the form $(u, l)$.

$$
\begin{array}{ll}
(\beta_1) & (\lambda x.t)(u, (y)v) \to [[u/x]t/y]v \\
(\beta_2) & (\lambda x.t)(u, v :: l) \to ([u/x]t)(v, l) \\
(\pi) & tRS \to t(R@S) \\
(\mu) & (x)x(u, l) \to u :: l, \text{ if } x \notin u, l
\end{array}
$$

$\beta = \beta_1 \cup \beta_2$. The generalised argument $R@S$ is defined with the auxiliary notion of the co-term $l@S$ that is defined by recursion on $l$ by

$$
\begin{array}{rcl}
(u :: l)@S & = & u :: (l@S) \\
((x)V)@S & = & (x)VS, \text{ for } V \text{ a value} \\
((x)t(u, l))@S & = & (x)t(u, l@S)
\end{array}
$$

Then, define $R@S$ by $(u, l)@S = (u, l@S)$. Since the auxiliary operation @ can be proven associative, this also holds for the operation @ on generalised arguments. Apart from the usual self-overlapping of $\pi$ that is joinable by associativity of @, there are critical pairs between $\beta_i$ and $\pi$ that are joinable. The last critical pair is between $\beta_1$ and $\mu$ and needs a $\beta_2$-step to be joined.

The embedding $m : \lambda J \to \lambda J^{m}$ is given by

$$
\begin{array}{rcl}
m(x) & = & x \\
m(\lambda x.t) & = & \lambda x.m(t) \\
m(t(u, x.v)) & = & m(t)(m(u), (x)m(v))
\end{array}
$$




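Figure 6: Typing rules of $\lambda J^{ms}$: GMApp of $\lambda J^{m}$ is generalized to Cut

$$
\dfrac{}{\Gamma, x : A \vdash x : A}\;Ax
\qquad
\dfrac{\Gamma \vdash t : A \quad \Gamma \mid l : A \vdash B}{\Gamma \vdash tl : B}\;Cut
$$

$$
\dfrac{\Gamma \vdash u : A \quad \Gamma \mid l : B \vdash C}{\Gamma \mid u :: l : A \supset B \vdash C}
\qquad
\dfrac{\Gamma, x : A \vdash t : B}{\Gamma \vdash \lambda x.t : A \supset B}
$$

$$
\dfrac{\Gamma, x : A \vdash v : B}{\Gamma \mid (x)v : A \vdash B}\;Sel
$$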

3.2.3. $\lambda J^{ms}$-calculus. The expressions of $\lambda J^{ms}$ are given by:

$$
\text{(Terms)}\ \ t, u, v ::= x \mid \lambda x.t \mid tl \qquad \text{(Co-terms)}\ \ l ::= u :: l \mid (x)v
$$

The construction $tl$ has a double role: either it is a generalised and multiary application $t(u :: l)$ or it is an explicit substitution $t(x)v$. See Figure 6 for the typing rules.
The reduction rules are as follows:

$$
\begin{array}{llll}
(\beta) & (\lambda x.t)(u :: l) \to u((x)tl) & (\sigma) & t(x)v \to [t/x]v \\
(\pi) & (tl)(u :: l') \to t(l@(u :: l')) & (\mu) & (x)xl \to l, \ x \notin l
\end{array}
$$

where the co-term $l@l'$ is defined by

$$
\begin{array}{rcl}
(u :: l)@l' & = & u :: (l@l') \\
((x)V)@l' & = & (x)Vl', \text{ for } V \text{ a value} \\
((x)tl)@l' & = & (x)t(l@l')
\end{array}
$$

Again, @ is associative and guarantees the joinability of the critical pair of $\pi$ with itself. The critical pairs between $\beta$ and $\pi$ and between $\sigma$ and $\mu$ are joinable as for $\lambda J^{mse}$. The overlap between $\sigma$ and $\pi$ is bigger than in $\lambda J^{mse}$ since the divergence arises for $t((x)v)(u :: l)$ with $v$ an arbitrary term whereas in $\lambda J^{mse}$, there is only a command at that place. Joinability is nevertheless easily established.

Comparing these reduction rules with those of $\lambda J^{m}$, there is only one $\beta$-rule, whose effect is to generate a substitution. There is a separate rule $\sigma$ for substitution execution.
The embedding $s : \lambda J^{m} \to \lambda J^{ms}$ is defined by

$$
\begin{array}{ll}
s(x) = x & s(u :: l) = s(u) :: s(l) \\
s(\lambda x.t) = \lambda x.s(t) & s((x)v) = (x)s(v) \\
s(t(u, l)) = s(t)(s(u) :: s(l)) &
\end{array}
$$

Finally, let us compare $\lambda J^{ms}$ and $\lambda J^{mse}$. In the former, any term can be in the scope of a selection $(x)$, whereas in the latter the scope of a selection is a command. But in the latter we have a new form of co-term $[\,]$. Since in $\lambda J^{mse}$ we can coerce any term $t$ to a command $t[\,]$, we can translate $\lambda J^{ms}$ into $\lambda J^{mse}$, by defining $e((x)t) = (x)e(t)[\,]$. In fact, one has to refine this idea in order to get strict simulation of reduction. The embedding $e : \lambda J^{ms} \to \lambda J^{mse}$ is defined as

$$
\begin{array}{ll}
e(x) = x & e(u :: l) = e(u) :: e(l) \\
e(\lambda x.t) = \lambda x.e(t) & e((x)V) = (x)e(V)[\,] \\
e(tl) = \{e(t)e(l)\} & e((x)tl) = (x)e(t)e(l)
\end{array}
$$

Proposition 3.1. Each of the embeddings $m$, $s$ and $e$ preserves typability and types and strictly simulates reduction.

Proof. Preservation of typability and types is immediate by induction on typing derivations.

For strict simulation, we prove by induction

(i) : $t \to t' \implies m(t) \to^+ m(t')$, for any $t, t' \in \lambda J$

(ii) : $t \to t' \implies s(t) \to^+ s(t')$, for any $t, t' \in \lambda J^{m}$

(iii) : $t \to t' \implies e(t) \to^+ e(t')$ and $e((x)t) \to^+ e((x)t')$, for any $t, t' \in \lambda J^{ms}$

which for $f \in \{s, e\}$ requires simultaneous proof of: $l \to l' \implies f(l) \to^+ f(l')$. We show only some details of the proof of (iii). (The other statements have simpler proofs.) In the cases where $t \to_R t'$ (resp. $l \to_R l'$), with $R \in \{\beta, \pi, \mu\}$, in $\lambda J^{ms}$, we have $e(t) \to_R e(t')$ and $e((x)t) \to_R e((x)t')$ (resp. $e(l) \to_R e(l')$) in $\lambda J^{mse}$. The proof relative to $\pi$-steps requires commutation of the embedding with the append operator, that is requires the identity: $e(l@l') = e(l)@e(l')$, for any $l, l' \in \lambda J^{ms}$. For $\sigma$-steps the situation is different: one $\sigma$-step in $\lambda J^{ms}$ gives rise to one $\sigma$-step in $\lambda J^{mse}$ but also, possibly, to $\pi$ and $\epsilon$ steps. We consider below the base case of $\sigma$-reduction. The following two observations are needed:

(1) $(y)e(t)[\,] \to^* e((y)t)$, for any $t \in \lambda J^{ms}$ and any variable $y$;

(2) $[e(t)/x]e(u) \to^* e([t/x]u)$, for any $t, u \in \lambda J^{ms}$ and any variable $x$.

In the first observation, one can say more specifically that no $\pi$-step is required if $t$ is a value and otherwise, if $t$ is a command, exactly one $\pi$-step of the form $\{c\}[\,] \to c$ is needed (with $c$ a command). The second observation uses the first and is proved simultaneously with its analogue for co-terms.

Let us then consider the case where we have the reduction $t(x)v \to [t/x]v$ in $\lambda J^{ms}$. We concentrate on the sub-case $v = V$. (The other sub-case, where $v = t_0 l_0$, is similar.)

$$
\begin{array}{rcll}
e(t(x)V) & = & \{e(t)(x)e(V)[\,]\} & \\
& \to_\sigma & \{[e(t)/x](e(V)[\,])\} & \\
& = & \{[e(t)/x]e(V)[\,]\} & \\
& \to_\epsilon & [e(t)/x]e(V) & \\
& \to^* & e([t/x]V) & \text{(Observation (2) above)}
\end{array}
$$

Now we need to prove: $e((y)t(x)V) \to^+ e((y)[t/x]V)$. We consider the possible forms of $V$.
Sub-sub-case $V = x$:

$$
\begin{array}{rcll}
e((y)t(x)x) & = & (y)e(t)(x)x[\,] & \\
& \to_\sigma & (y)e(t)[\,] & \\
& \to^* & e((y)t) & \text{(Observation (1) above)} \\
& = & e((y)[t/x]x) &
\end{array}
$$

Sub-sub-case $V = z$, with $z$ a variable distinct of $x$:

$$
\begin{array}{rcl}
e((y)t(x)z) & = & (y)e(t)(x)z[\,] \\
& \to_\sigma & (y)z[\,] \\
& = & e((y)[t/x]z)
\end{array}
$$

Sub-sub-case $V = \lambda z.u$:

$$
\begin{array}{rcll}
e((y)t(x)\lambda z.u) & = & (y)e(t)(x)e(\lambda z.u)[\,] & \\
& \to_\sigma & (y)[e(t)/x]e(\lambda z.u)[\,] & \\
& \to^* & (y)e([t/x](\lambda z.u))[\,] & \text{(Observation (2) above)} \\
& = & e((y)[t/x](\lambda z.u)) & ([t/x](\lambda z.u) \text{ is a value})
\end{array}
$$

□



3.3. Confluence. For many purposes, it should suffice to have local confluence, which we do have for all the systems of this article, since in all of them, the critical pairs are joinable. Hence, thanks to Newman's lemma, all systems are confluent on typable terms since they are strongly normalizing, as shown in the later sections. We also believe that the usual methods that show the diamond property for properly defined notions of parallel reduction would yield confluence of all our systems. The aim of this section is to give indirect proofs for the systems of the spectrum, by inheriting confluence that is already known.

Firstly, we argue about confluence of $\lambda J$ and $\lambda J^{m}$. Secondly, we define and study a mapping from $\lambda J^{ms}$ to $\lambda J^{m}$. Thirdly, we apply the "interpretation method" to obtain confluence also of $\lambda J^{ms}$. Finally, we do the same for $\lambda J^{ms}$ and $\lambda J^{mse}$ in order to infer confluence of $\lambda J^{mse}$.

Confluence of AJ can be obtained from confluence of the original system AJ in [21] 
where vr is lazy. Below we call vf the original lazy version of vr, which reduces t{u,x.v)S 
only to t{u,x.vS) (for v a value V, there is no difference between vr and vf). Confluence for 
-^/3n is obtained from confluence of — in the same way as in pjj confluence of -^jSn' is 
obtained from — >/35f, where vr' is yet another variant of vr. 

Theorem 3.2. $\to_{\beta\pi}$ in $\lambda J$ is confluent.

Proof. Assume t -^*^^ ti and t t2- Then, also t — h and t ^^^f t2, and by confluence 
of ^/35f there exists ts such that ti — ^^^^ h and t2 ^^^f ^3- The facts 

(1) t' TT{t'), for ah t' in AJ, 

(2) t' t" implies 7r(t') 7r(t"), for ah t' ,t" in AJ, 

where notation 7r(t') represents the vr normal form of term t' (definable by recursion on t' , 
using a very eager form of generalised application [21]), allow to conclude that ti,t2 both 
/37r-reduce to 7r(t3). □ 

What has been said above for A J can be recast for AJ"", and confluence of -^p-K^ 
obtained from confluence of — >/35f/i [H]. In AJ™, the lazy vr rule reads tRS t{R@S), 
where {u,l)@S = {u,mS), and (n :: l)@S = u :: (mS) and {{x)t)@S = {x)tS. 

Theorem 3.3. $\to_{\beta\pi\mu}$ in $\lambda J^{m}$ is confluent.

Proof. The proof above holds if /3 is replaced by P/j,. In particular, we have 

(1) t' TT{t'), for ah t' in AJ™, 

(2) t' ^l^^ t" implies nit') ^^^^ nit"), for all t', t" in AJ™. □ 

Now consider confluence of $\lambda J^{ms}$. In this case, we cannot rely on a previous result of confluence for some variant of the system. Instead, we will lift the confluence result of [11] to $\lambda J^{ms}$. First, we define a mapping $(\_)^\dagger : \lambda J^{ms} \to \lambda J^{m}$ in Figure 7.

Proposition 3.4. 

(1) For a//t G AJ™^ i ^* s(tt). 

(2) Ift^u in AJ™', then t^ ^*^^^ in AJ™. 
Figure 7: Translation of $\lambda J^{ms}$ into $\lambda J^{m}$



X' 



{t{x)v)^ = [tyx]v^ 

{{x)v)^ = {x)v^ 
(u :: 0^ = ■■■■ 



Proof. 1. The claim is proved together with the similar claim for / E A J™* by simultaneous 
induction on t and /. 

2. The claim is proved together with the similar claim for / ^ /' in AJ™^. The proof is 
by simultaneous induction on t — s- n and I ^ I' . The proof uses the following facts: 

(i) (Ax.it)(^t,/t) [y)/x]{tl)y 

(ii) {th)\u\l2^) ^1 {t{lMn ■■: and h^@{u\h^) ^1 {h@u :: /s)^ 

(iii) [tt/x]t;t = {[t/x]v)\ 

(iv) {x){xl)^ ^= /t,ifx^/0 

(i) and (iv) are proved by case analysis of $l$. (ii) is proved by induction on $l_1$. (iii) is
proved together with = $([t/x]l)^{\dagger}$ by simultaneous induction on $v$ and $l$. □

Theorem 3.5. $\to_{\beta\pi\sigma\mu}$ in $\lambda J^{ms}$ is confluent.

Proof. Suppose t U, i = 1,2, in AJ™'^. By part 2 of Proposition I3.4[ ™ 

AJ™. By confluence [llj, there is n e AJ™ such that ti^ ^- property 2 in the proof 

of Theorem 13.31 we get ij^ ~^*piTfi '''"(^)- By the properties of mapping s : A J™ AJ™*, we 
get s{ti^) — >-^7ro-/i ^{''^i'^))- We close the diagram in AJ™* because ^* s(tj^). □ 

Finally we consider confluence of $\lambda J^{mse}$. We will lift confluence of $\lambda J^{ms}$. First, we
define a mapping $(\_)^{\circ} : \lambda J^{mse} \to \lambda J^{ms}$ in Figure 8 whose intuitive idea is that, in some
sense, $\lambda J^{mse}$ is a subsystem of $\lambda J^{ms}$ - precisely the subsystem where selection is restricted
to the cases $(x)x$ and $(x)tl$.

Proposition 3.6. 

(1) For all $t \in \lambda J^{mse}$, $e(t^{\circ}) \to^{*} t$.

(2) If $t \to u$ in $\lambda J^{mse}$ then $t^{\circ} \to^{+} u^{\circ}$ in $\lambda J^{ms}$.

Proof. Claim 1 is proved together with the similar claim $e(l^{\circ}) \to^{*} l$, by simultaneous
induction on $t$ and $l$.

Claim 2 for n and e is a direct verification. Since there are no commands in $\lambda J^{ms}$,
one would have to study always two versions of $\beta$, $\pi$ and $\sigma$: once inside braces {}, once
bound by $(y)$. However, since all three rules have the form $t_1 l_1 \to t_2 l_2$, it suffices to

^— denotes the reflexive closure of ^r. 

^In AJ"' one has to use n and not tt for statement (2) to hold. Consider the AJ'"''-terms vq — to{uo :: 
{x){ti{z)z)){u :: k) and ni = to{ua :: (x)ti{z)z{u :: k)). Then «o — »7r v\ but -^tt vi' fails. 
Figure 8: Embedding of $\lambda J^{mse}$ into $\lambda J^{ms}$

$(\lambda x.t)^{\circ} = \lambda x.t^{\circ}$
$\{tl\}^{\circ} = t^{\circ}l^{\circ}$
$[]^{\circ} = (x)x$
$((x)tl)^{\circ} = (x)t^{\circ}l^{\circ}$
$(u :: l)^{\circ} = u^{\circ} :: l^{\circ}$



Figure 9: Description of $\mu$-normalisation function in $\lambda J^{mse}$

$\mu x = x$
$\mu(\lambda x.t) = \lambda x.\mu t$
$\mu\{tl\} = \{\mu t\, \mu l\}$
$\mu[] = []$
$\mu((x)tl) = \mu l$ (if $t = x$ and $x \notin l$)
$\mu((x)tl) = (x)\mu t\, \mu l$ (otherwise)
$\mu(u :: l) = \mu u :: \mu l$



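verify $t_1^{\circ} l_1^{\circ} \to^{+} t_2^{\circ} l_2^{\circ}$ for them. For $\sigma$, we also need the facts $([t/x]u)^{\circ} = [t^{\circ}/x]u^{\circ}$ and
$([t/x]l)^{\circ} = [t^{\circ}/x]l^{\circ}$, and for the non-nil case of $\pi$, the fact $l^{\circ}@(u_1 :: l_1)^{\circ}$ $(l@(u_1 :: l_1))^{\circ}$ is
proved by induction on $l$. □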

The first statement of the previous proposition is an obstacle to an immediate application
of the "interpretation method", because the $\mu$-reduction goes in the wrong direction.
We overcome this by observing that, as a consequence of $e(t^{\circ}) \to^{*} t$, we have $t \to^{*} \mu(e(t^{\circ}))$.
(Here $\mu$ is the function that assigns the $\mu$-normal form of an expression. Clearly, reduction
rule $\mu$ alone is terminating and locally confluent, hence confluent.) So, in the proof
of confluence (Theorem 3.8 below) there will be an extra step relying on the properties of
mapping $\mu$, which is explicitly given in Figure 9.

Proposition 3.7. In Xi^'^^ , ift^u, then jit jiu. 

Proof. The claim is proved together with the similar claim for $l \to l'$ by simultaneous
induction on $t \to u$ and $l \to l'$. The proof makes use of the following facts: (i) $(x)\mu(t)\mu(l)$
$\mu((x)tl)$; (ii) commutation of mapping $\mu$ with substitution; (iii) commutation of mapping $\mu$
with append. Fact (i) is immediate from definition. Facts (ii) and (iii) are proved by easy
inductions. □

Theorem 3.8. $\to_{\beta\pi\sigma\mu\epsilon}$ in $\lambda J^{mse}$ is confluent.
Proof. Suppose t U, i = 1,2, in AJ'"''^ By part 2 of Proposition ESI t° -^^^^^ 

in AJ'"''. By confluence (Theorem I3.5p . there is u € A J™'' such that tj° — u. By the 
properties of mapping e : AJ'"* AJ™*^, we get e(tj°) ^^^^.^^ e(n). Proposition 13. 71 yields 
fi{e{ti°)) fi{e{u)). We close the diagram in AJ'"'*'^ because U ^* fi{e{ti°)). □ 

Notice that we might have inferred confluence of $\lambda J^{mse}$ from that of the call-by-name
$\overline{\lambda}\mu\tilde{\mu}$-calculus, presented in Section [3.1 .It if this calculus is confluent, then its intuitionistic
fragment is confluent as well since it has just the same rules on a subset of terms, co-terms
and commands that is closed under reduction. Finally, its isomorphic copy $\lambda J^{mse}$ would
be confluent as well. However, we are not aware of a proof of confluence of our version of
call-by-name $\overline{\lambda}\mu\tilde{\mu}$-calculus: the calculus considered in [25] does not have the rules /i and /i,
has a more restrictive notion of evaluation contexts and imposes $\sigma$-reduction immediately
following applications of $\beta$. As mentioned above, we would expect that the standard direct
proof methods would be applicable to establish confluence of all of the systems considered
in this section.



4. CGPS TRANSLATIONS 

In this section we define a CPS translation for $\lambda J^{mse}$ into the simply-typed $\lambda$-calculus
and show how it fails to provide a strict simulation of reduction. Next we refine the CPS
translation to a CGPS translation of $\lambda J^{mse}$ and show that strict simulation of reduction is
obtained. Strong normalisation for $\lambda J^{mse}$ follows. Finally, we adapt the CGPS translation
to the subsystems of $\lambda J^{mse}$.

4.1. CPS translation for $\lambda J^{mse}$. We assume the reader is familiar with simply-typed
lambda-calculus (we write $A \supset B$ for the function type $A \to B$ and $\to_{\beta}$ for the one-step
reduction relation). Fix a ground type (some type variable) $\bot$. Then, $\neg A := A \supset \bot$,
as usual in intuitionistic logic. While our calculus is strictly intuitionistic in nature, a
double-negation translation nevertheless proves useful for the purposes of establishing strong
normalisation, as has been shown by de Groote [6] for disjunction with its commuting
conversions. A type $A$ will be translated to $\overline{A} = \neg\neg A^{*}$, with the type $A^{*}$ defined by
recursion on $A$ (where the definition of $\overline{A}$ is used as an abbreviation):

$X^{*} = X$
$(A \supset B)^{*} = \neg\overline{B} \supset \neg\overline{A}$

We thus obtain

$\overline{X} = \neg\neg X$

$\overline{A \supset B} = \neg\neg(\neg\overline{B} \supset \neg\overline{A})$

The symmetrically-looking definition of $(A \supset B)^{*}$ is logically equivalent to $\overline{A} \supset \neg\neg\overline{B}$.
The additional double negation of $\overline{B}$ is needed even for weak simulation to hold. See
Subsection 4.4 for a discussion of this issue.

The translation of all syntactic elements $T$ will be presented in Plotkin's [32] colon
notation $(T : K)$ for some term $K$ taken from simply-typed $\lambda$-calculus. A term $t$ of $\lambda J^{mse}$
will then be translated into the simply-typed $\lambda$-term

$\overline{t} = \lambda k.(t : k)$
Figure 10: CPS translation of $\lambda J^{mse}$

$(x : K) = xK$
$([] : K) = \lambda w.wK$
$(\lambda x.t : K) = K(\lambda wx.w\overline{t})$
$(u :: l : K) = \lambda w.w(\lambda m.m\,(l : K)\,\overline{u})$
$(\{c\} : K) = (c : K)$
$((x)c : K) = \lambda x.(c : K)$
$(t[] : K) = (t : K)$
$(t(u :: l) : K) = (t : \lambda m.m\,(l : K)\,\overline{u})$
$(t(x)c : K) = ((x)c : K)\,\overline{t}$



Figure 11: Admissible typing rules for CPS translation of $\lambda J^{mse}$

T^t: A r, r' h K : T ^ A T,T' h K : -^A* 

r, P' h (t : K) : _L P, P' h (c : K) : _L 

T\l:A^B T,r'hK:^B* 
P, T' h {I: K): ^A 

with a "fresh" variable $k$ (one that is not free in $t$). The definition of $(T : K)$ in Figure 10
uses the definition of $\overline{t}$ as an abbreviation (the variables $m, w$ are supposed to be "fresh",
in the obvious sense). The translation admits the typing rules of Figure 11. Only the first
premise in these three rules refers to $\lambda J^{mse}$, the other ones to simply-typed $\lambda$-calculus. $\overline{\Gamma}$
is derived from $\Gamma$ by replacing every $x : C$ in $\Gamma$ by $x : \overline{C}$. As a direct consequence (to be
established during the proof of the above typings), type soundness of the CPS translation
follows:

$\Gamma \vdash_{\lambda J^{mse}} t : A \implies \overline{\Gamma} \vdash_{\lambda} \overline{t} : \overline{A}$

This CPS translation is also sound for reduction, in the sense that each reduction step
in $\lambda J^{mse}$ translates to zero or more $\beta$-steps in $\lambda$-calculus. Because of the collapsing of some
reductions, this result does not guarantee yet strong normalisation of $\lambda J^{mse}$.

Proposition 4.1. If $t \to u$ in $\lambda J^{mse}$, then $\overline{t} \to^{*}_{\beta} \overline{u}$ in the $\lambda$-calculus.

Proof. Simultaneously we prove

$T \to T' \implies (T : K) \to^{*}_{\beta} (T' : K)$

for $T, T'$ terms, co-terms or commands. More specifically, at the base cases, the CPS
translation does the following: it identifies $\epsilon$ and $\pi$-steps, sends one $\mu$-step into zero or more
$\beta$-steps in $\lambda$-calculus and sends one $\beta$ or $\sigma$-step into one or more $\beta$-steps in $\lambda$-calculus. Some
comments on lemmata used in this proof can be found in the next section. □



Regrettably, the contexts $\Gamma'$ observed in these rules, as well as those observable below in the rules of
Fig. 13, were missing in [12].
4.2. CGPS translation for $\lambda J^{mse}$. This is the central mathematical finding of the present
article. It is very much inspired from a "continuation and garbage passing style" translation
for Parigot's $\lambda\mu$-calculus, proposed by Ikeda and Nakazawa [20]. While they use garbage
to overcome the problems of earlier CPS translations that did not carry $\beta$-steps to at
least one $\beta$-step if they were under a vacuous $\mu$-binding, as reported in [29], we ensure strict
simulation of $\epsilon$, $\pi$ and $\mu$. Therefore, we can avoid the separate proof of strong normalisation
of permutation steps alone that is used in addition to the CPS in [6] (there in order to treat
disjunction and not for sequent calculi as we do).

Our CGPS translation passes "garbage", in addition to continuations. We mean by
"garbage" $\lambda$-terms, denoted $G$, that are carried around for their operational properties, not
for denotational purposes. They inhabit a type $\top$, of which we only require that there is
a term $s : \top \supset \top$ such that $s\,G \to^{+}_{\beta} G$. This can of course be realized by any type, with
$s := \lambda x.x$, but it is useful, in view of a comparison with [20], to have in mind another
realization, namely $\top := \bot \supset \bot$ and $s := \lambda x.[x; \lambda z.z]$. Here we are using the abbreviation
$[t; u] := (\lambda x.t)u$ for some $x \notin t$. Then, $[t; u] \to_{\beta} t$, and $\Gamma \vdash t : A$ and $\Gamma \vdash u : B$ together
imply $\Gamma \vdash [t; u] : A$ (as a derived typing rule of simply-typed $\lambda$-calculus). This is a form of
"deliberate garbage" that is used in [20]. Instead of $sG$, we will write $s(G)$. We will also
speak about "units of garbage". This is so because, in our translation, garbage will always
have one of the forms $g$ (a variable), $s(g)$, $s(s(g))$, etc. We say that $s(G)$ has one more "unit
of garbage" than $G$, or that, in $s(G)$, $G$ is "incremented". In the particular realization
$\top := \bot \supset \bot$, $s(G) =_{\beta} [G; \lambda z.z]$; we may regard $\lambda z.z$ (which lives in $\top$) as the "unit" that is
added to $G$. In [20], garbage is built by "adding" a continuation $K$ to $G$, as in $[G; K]$.

The only change w.r.t. the type translation in CPS is that, now,

$\overline{A} = \top \supset \neg\neg A^{*}$

is used throughout, hence, again, $X^{*} = X$ and $(A \supset B)^{*} = \neg\overline{B} \supset \neg\overline{A}$.

We define the simply-typed $\lambda$-term $(T : G, K)$ for every syntactic construct $T$ of $\lambda J^{mse}$
and simply-typed $\lambda$-terms $G$ and $K$. Then, the translation of term $t$ is defined to be

$\overline{t} = \lambda gk.(t : g, k)$

with "new" variables $g, k$, that is again used as an abbreviation inside the recursive definition
of $(T : G, K)$ in Figure 12 (the variables $m, w$ are again "fresh").

If one removes the garbage argument, one precisely obtains the CPS translation. The
translation admits the typing rules of Figure 13.

For $\overline{\Gamma}$ see the previous section. Therefore (and to be proven simultaneously), the CGPS
translation satisfies type soundness, i.e., $\Gamma \vdash t : A$ implies $\overline{\Gamma} \vdash \overline{t} : \overline{A}$.

Lemma 4.2. In $\lambda J^{mse}$ the following holds:

(1) $[\overline{t}/x](T : G, K) \to^{*}_{\beta} ([t/x]T : [\overline{t}/x]G, [\overline{t}/x]K)$ for $T$ any $u$, $l$ or $c$, and, in particular,
$[\overline{t}/x]\overline{u} \to^{*}_{\beta} \overline{[t/x]u}$.

There is a slight, but important, difference between the definition of the CGPS translation presented
here and that presented in [12]. In [12], several clauses in the definition of $(l : G, K)$ or $(c : G, K)$ contained
garbage increment $s(G)$, whereas in the present definition those increments are, so to speak, concentrated
in the clause for $(\{c\} : G, K)$. The importance of this re-definition is that it makes the purpose of those
increments more perspicuous - see the discussion around the simulation theorem below. For the sake of
a precise connection between the two definitions, let us write the translation of [12] as $[T : G, K]$ and
t. Then, by an easy induction, one obtains $(t : G, K) = [t : G, K]$, $(l : s(G), K) = [l : G, K]$, and
$(c : s(G), K) = [c : G, K]$. Hence I = !.
Figure 12: CGPS translation of $\lambda J^{mse}$

$(x : G, K) = x\,s(G)\,K$
$(\lambda x.t : G, K) = [K(\lambda wx.w\overline{t}); G]$
$(\{c\} : G, K) = (c : s(G), K)$
$([] : G, K) = \lambda w.w\,G\,K$
$(u :: l : G, K) = \lambda w.w\,G\,(\lambda m.m\,(l : G, K)\,\overline{u})$
$((x)c : G, K) = \lambda x.(c : G, K)$
$(t[] : G, K) = (t : G, K)$
$(t(u :: l) : G, K) = (t : G, \lambda m.m\,(l : G, K)\,\overline{u})$
$(t(x)c : G, K) = ((x)c : G, K)\,\overline{t}$



Figure 13: Admissible typing rules for CGPS translation of $\lambda J^{mse}$

T^t:A T,T'^G:T T,T'^ K -.^A* r\l : Ah B F, F^ h G : T T,T' h K : ^B* 
T, T' h it:G,K) : ± T, F' h (/ : G, K) : -^A 

T A F, F^ h G : T T,r' h K : ^A* 
r,F' h (c : G,K) ■ ± 



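(2) $[t/x](T : G, K) = (T : [t/x]G, [t/x]K)$ for $T$ any $u$, $l$ or $c$ such that $x \notin T$.

(3) $G$ and $K$ are subterms of $(T : G, K)$ for $T$ any $u$, $l$ or $c$.

(4) $(t : s(G), K) \to^{+}_{\beta} (t : G, K)$.

(5) $(l : G, K)\,\overline{t} \to^{*}_{\beta} (tl : G, K)$

(6) $\lambda x.(xl : G, K) \to^{+}_{\beta} (l : G, K)$ if $x \notin l, G, K$.

(7) (a) $(tl : s(G), \lambda m.m(l' : G, K)\overline{u}) \to^{+}_{\beta} (t(l@(u :: l')) : G, K)$
(b) $(l : s(G), \lambda m.m(l' : G, K)\overline{u}) \to^{+}_{\beta} (l@(u :: l') : G, K)$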

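Proof. (1)/(2)/(3) Each one by simultaneous induction on terms, co-terms and commands.
Notice that the second statement has to be proven simultaneously, but that it follows
immediately from the particular case $T = u$ of the first statement.

(4)

$(t : s(G), K) = [s(G)/g](t : g, K)$ (by (2))
$\quad \to^{+}_{\beta} [G/g](t : g, K)$ (*)
$\quad = (t : G, K)$ (by (2))

where (*) is justified by the fact that $g$ occurs in $(t : g, K)$, as guaranteed by (3).

(5) Straightforward case analysis on $l$.

(6) Case analysis on $l$.

Case $l = []$.

$\lambda x.(x[] : G, K) = \lambda x.(x : G, K)$
$\quad = \lambda x.x\,s(G)\,K$
$\quad \to^{+}_{\beta} \lambda x.x\,G\,K$
$\quad = ([] : G, K)$ (as $x \notin G, K$)

Case $l = u :: l'$.

$\lambda x.(x(u :: l') : G, K) = \lambda x.(x : G, \lambda m.m(l' : G, K)\overline{u})$
$\quad = \lambda x.x\,s(G)(\lambda m.m(l' : G, K)\overline{u})$
$\quad \to^{+}_{\beta} \lambda x.x\,G(\lambda m.m(l' : G, K)\overline{u})$
$\quad = (u :: l' : G, K)$ (as $x \notin u, l', G, K$)

Case $l = (y)c$.

$\lambda x.(x(y)c : G, K) = \lambda x.(\lambda y.(c : G, K))\overline{x}$
$\quad \to_{\beta} \lambda x.[\overline{x}/y](c : G, K)$
$\quad = \lambda y.[y/x][\overline{x}/y](c : G, K)$
$\quad = \lambda y.[[y/x]\overline{x}/y](c : G, K)$ (as $x \notin c, G, K$, and by (2))
$\quad = \lambda y.[\overline{y}/y](c : G, K)$
$\quad \to^{*}_{\beta} \lambda y.([y/y]c : G, K)$ (by (1))
$\quad = ((y)c : G, K)$

(7) (a) and (b) are proved simultaneously by induction on $l$.

Case $l = []$.

$(t[] : s(G), \lambda m.m(l' : G, K)\overline{u}) = (t : s(G), \lambda m.m(l' : G, K)\overline{u})$
$\quad \to^{+}_{\beta} (t : G, \lambda m.m(l' : G, K)\overline{u})$ (by (4))
$\quad = (t([]@(u :: l')) : G, K)$

$([] : s(G), \lambda m.m(l' : G, K)\overline{u}) = \lambda w.w\,s(G)(\lambda m.m(l' : G, K)\overline{u})$
$\quad \to^{+}_{\beta} \lambda w.w\,G(\lambda m.m(l' : G, K)\overline{u})$
$\quad = ([]@(u :: l') : G, K)$

Case $l = u_0 :: l_0$.

$(t(u_0 :: l_0) : s(G), \lambda m.m(l' : G, K)\overline{u})$
$\quad = (t : s(G), \lambda n.n(l_0 : s(G), \lambda m.m(l' : G, K)\overline{u})\overline{u_0})$
$\quad \to^{+}_{\beta} (t : s(G), \lambda n.n(l_0@(u :: l') : G, K)\overline{u_0})$ (by IH (b))
$\quad \to^{+}_{\beta} (t : G, \lambda n.n(l_0@(u :: l') : G, K)\overline{u_0})$ (by (4))
$\quad = (t((u_0 :: l_0)@(u :: l')) : G, K)$

$(u_0 :: l_0 : s(G), \lambda m.m(l' : G, K)\overline{u})$
$\quad = \lambda w.w\,s(G)(\lambda n.n(l_0 : s(G), \lambda m.m(l' : G, K)\overline{u})\overline{u_0})$
$\quad \to^{+}_{\beta} \lambda w.w\,s(G)(\lambda n.n(l_0@(u :: l') : G, K)\overline{u_0})$ (by IH (b))
$\quad \to^{+}_{\beta} \lambda w.w\,G(\lambda n.n(l_0@(u :: l') : G, K)\overline{u_0})$
$\quad = ((u_0 :: l_0)@(u :: l') : G, K)$

Case $l = (x)v_0 l_0$. Part (b) follows from the induction hypothesis (a) for $l_0$, and
(a) is an immediate consequence of (b).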
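Theorem 4.3 (Simulation). If $t \to u$ in $\lambda J^{mse}$, then $\overline{t} \to^{+}_{\beta} \overline{u}$ in the $\lambda$-calculus.

Proof. Simultaneously we prove: $T \to T' \implies (T : G, K) \to^{+}_{\beta} (T' : G, K)$ for $T, T'$ terms,
co-terms or commands. We illustrate the cases of the base rules.

Case $\beta$: $(\lambda x.t)(u :: l) \to u(x)tl$.

$((\lambda x.t)(u :: l) : G, K) = (\lambda x.t : G, \lambda m.m(l : G, K)\overline{u})$
$\quad = [(\lambda m.m(l : G, K)\overline{u})(\lambda wx.w\overline{t}); G]$
$\quad \to^{+}_{\beta} (\lambda x.(l : G, K)\overline{t})\overline{u}$
$\quad \to^{*}_{\beta} (\lambda x.(tl : G, K))\overline{u}$ (Lemma 4.2(5))
$\quad = (u(x)tl : G, K)$

Case $\pi$: $\{tl\}E \to t(l@E)$. Sub-case $E = []$.

$(\{tl\}[] : G, K) = (\{tl\} : G, K)$
$\quad = (tl : s(G), K)$
$\quad \to^{+}_{\beta} (tl : G, K)$ (Lemma 4.2)
$\quad = (t(l@[]) : G, K)$.

Sub-case $E = u :: l'$.

$(\{tl\}(u :: l') : G, K) = (\{tl\} : G, \lambda m.m(l' : G, K)\overline{u})$
$\quad = (tl : s(G), \lambda m.m(l' : G, K)\overline{u})$
$\quad \to^{+}_{\beta} (t(l@(u :: l')) : G, K)$ (Lemma 4.2(7)(a))

Case $\sigma$: $t(x)c \to [t/x]c$.

$(t(x)c : G, K) = (\lambda x.(c : G, K))\overline{t}$
$\quad \to_{\beta} [\overline{t}/x](c : G, K)$
$\quad \to^{*}_{\beta} ([t/x]c : G, K)$ (Lemma 4.2(1))

Case $\mu$: $(x)xl \to l$ if $x \notin l$.

$((x)xl : G, K) = \lambda x.(xl : G, K) \to^{+}_{\beta} (l : G, K)$ (Lemma 4.2(6))

Case $\epsilon$: $\{t[]\} \to t$.

$(\{t[]\} : G, K) = (t[] : s(G), K)$
$\quad = (t : s(G), K)$
$\quad \to^{+}_{\beta} (t : G, K)$ (Lemma 4.2(4))

The cases corresponding to the closure rule $t \to t' \implies tl \to t'l$ (resp. $l \to l' \implies tl \to tl'$)
can be proved by case analysis on $l$ (resp. $l \to l'$). The cases corresponding to the other
closure rules follow by routine induction. □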



Remark 4.4. Unlike the failed strict simulation by CPS reported in [29] that only occurred
with the closure rules, the need for garbage in our translation is already clearly visible in the
subcase $E = []$ for $\pi$ and the case $\epsilon$. But the garbage is also effective for the closure rules,
where the most delicate rule is the translation of $t(u :: l)$ that mentions $l$ and $u$ only in the
continuation argument $K$ to $t$'s translation. Lemma 4.2(3) is responsible for propagation of
strict simulation. The structure of our garbage - essentially just "units of garbage" - can
thus be easier than in the CGPS in [20] for $\lambda\mu$-calculus since there, $K$ cannot be guaranteed
to be a subterm of $(T : G, K)$, again because of the problem with void $\mu$-abstractions. The
solution of [20] for the most delicate case of application is to copy the $K$ argument into the
garbage. We do not need this in our intuitionistic calculi. However, since we need garbage
for some base cases, we also had to make sure that reductions in garbage arguments are not
lost during propagation through the closure rules.

Let us compare the CPS and CGPS translations in order to understand how garbage-passing
ensures strict simulation. The analogue to Lemma 4.2 for the CPS translation is
obtained by erasing garbage throughout, and replacing $\to^{+}_{\beta}$ by equality in items (4) and (7)
and by $\to^{*}_{\beta}$ in item (6). So, the properties of the CGPS translation are as "good" as those of
the CPS translation, and at least a weak simulation could be expected.

An inspection of the proofs of Lemma 4.2 and Theorem 4.3 shows that the CGPS
translation generates reduction sequences which, so to speak, differ from those generated
by CPS translation by the insertion of sequences of the form $s(G) \to^{+}_{\beta} G$. The point is that
the CGPS translation does such insertion at all points where the CPS does an undesired
identification (although it also does at other points where such insertion is unnecessary).

The ultimate cause for the existence of such dynamic garbage decrement steps is the
static garbage increment contained in the clauses defining $(x : G, K)$ and $(\{c\} : G, K)$.
Moreover, it can be argued that the clause for $(x : G, K)$ is responsible for strict simulation
of $\mu$-steps, whereas the clause for $(\{c\} : G, K)$ is the cause for strict simulation of $\pi$- or
$\epsilon$-steps.

The key for strict simulation of $\mu$-steps is Lemma 4.2(6). An inspection of the proof
shows that garbage plays no role in the case $l = (y)c$ (which already generated reduction
steps through the CPS translation), and that, had $(x : G, K)$ been defined as $xGK$, the
same identifications obtained before with the CPS translation would have arisen again in
the cases $l = []$ and $l = u :: l'$. The definition of $(x : G, K)$ causes many garbage decrement
steps, which are useless most of the time (typically adding to the administrative steps,
already generated in the case of the CPS translations, that mediate between $[\overline{t}/x]\overline{u}$ and
$\overline{[t/x]u}$), but not so in the particular situations described in the cases $l = []$ and $l = u :: l'$ of
Lemma 4.2(6).

The role of clause $(\{c\} : G, K)$ is plain for $\epsilon$ and the case $E = []$ of $\pi$. As to the case
$E = u :: l'$, it suffices to observe that $(tl : G, \lambda m.m(l' : G, K)\overline{u}) = (t(l@(u :: l')) : G, K)$ (as
an inspection of the proof of Lemma 4.2(7) easily shows). So, again, had $(\{c\} : G, K)$ been
defined as $(c : G, K)$, the same identifications of $\pi$- or $\epsilon$-steps obtained before with the CPS
translation would have arisen. The definition of $(\{c\} : G, K)$ means that garbage-passing
does, among other things, some form of counting braces. The braces decrement observed
in $\pi$- or $\epsilon$-steps in the source is reflected by garbage decrement steps in the target.
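The comparison above can be checked mechanically on small terms. The following Python sketch is an added example, not code from the paper: it implements the clauses of Figures 10 and 12 on a tuple encoding of the source syntax, keeps s as an uninterpreted constant whose decrement s(G) -> G stands for the β-steps by which s G reduces to G, and assumes that source variables avoid the reserved names w, m, k, g, s and _. For an ε-, a π- and a μ-redex it reports whether the CPS images of redex and contractum coincide and how many garbage decrements separate their CGPS images.

```python
# Source syntax as tuples (terms, co-terms, commands):
#   ('var', x) | ('lam', x, t) | ('brace', c)        x, λx.t, {c}
#   ('nil',) | ('cons', u, l) | ('sel', x, c)        [], u :: l, (x)c
#   ('cmd', t, l)                                    t l
# Target λ-terms: ('v', x) | ('l', x, body) | ('a', fun, arg)
# Assumption: source variables avoid the reserved names w, m, k, g, s and _.
def V(x): return ('v', x)
def L(x, body): return ('l', x, body)
def A(f, *args):
    for a in args:
        f = ('a', f, a)
    return f
def S(G): return A(V('s'), G)           # s(G): one more unit of garbage
def seq(t, u): return A(L('_', t), u)   # [t; u] := (λ_.t)u

def cps_bar(t): return L('k', cps(t, V('k')))
def cps(T, K):
    """(T : K), clause by clause as in Figure 10."""
    tag = T[0]
    if tag == 'var':   return A(V(T[1]), K)
    if tag == 'lam':   return A(K, L('w', L(T[1], A(V('w'), cps_bar(T[2])))))
    if tag == 'brace': return cps(T[1], K)
    if tag == 'nil':   return L('w', A(V('w'), K))
    if tag == 'cons':
        return L('w', A(V('w'), L('m', A(V('m'), cps(T[2], K), cps_bar(T[1])))))
    if tag == 'sel':   return L(T[1], cps(T[2], K))
    t, l = T[1], T[2]                   # command t l, by cases on l
    if l[0] == 'nil':  return cps(t, K)
    if l[0] == 'cons':
        return cps(t, L('m', A(V('m'), cps(l[2], K), cps_bar(l[1]))))
    return A(cps(l, K), cps_bar(t))     # t (x)c

def cgps_bar(t): return L('g', L('k', cgps(t, V('g'), V('k'))))
def cgps(T, G, K):
    """(T : G, K), clause by clause as in Figure 12."""
    tag = T[0]
    if tag == 'var':   return A(V(T[1]), S(G), K)
    if tag == 'lam':   return seq(A(K, L('w', L(T[1], A(V('w'), cgps_bar(T[2]))))), G)
    if tag == 'brace': return cgps(T[1], S(G), K)
    if tag == 'nil':   return L('w', A(V('w'), G, K))
    if tag == 'cons':
        inner = L('m', A(V('m'), cgps(T[2], G, K), cgps_bar(T[1])))
        return L('w', A(V('w'), G, inner))
    if tag == 'sel':   return L(T[1], cgps(T[2], G, K))
    t, l = T[1], T[2]
    if l[0] == 'nil':  return cgps(t, G, K)
    if l[0] == 'cons':
        return cgps(t, G, L('m', A(V('m'), cgps(l[2], G, K), cgps_bar(l[1]))))
    return A(cgps(l, G, K), cgps_bar(t))

def canon(t, env=()):
    """De Bruijn form, so that == on results is α-equivalence."""
    if t[0] == 'v': return ('b', env.index(t[1])) if t[1] in env else t
    if t[0] == 'l': return ('l', canon(t[2], (t[1],) + env))
    return ('a', canon(t[1], env), canon(t[2], env))

def decrements(t):
    """Every term obtained from t by one garbage decrement s(G) -> G."""
    if t[0] == 'a':
        if t[1] == V('s'):
            yield t[2]
        for f in decrements(t[1]): yield ('a', f, t[2])
        for a in decrements(t[2]): yield ('a', t[1], a)
    elif t[0] == 'l':
        for b in decrements(t[2]): yield ('l', t[1], b)

def decrement_distance(a, b):
    """Least n with a ->^n b using decrement steps only, or None."""
    goal, frontier, seen, n = canon(b), [a], set(), 0
    while frontier:
        if any(canon(t) == goal for t in frontier):
            return n
        nxt = []
        for t in frontier:
            for d in decrements(t):
                if canon(d) not in seen:
                    seen.add(canon(d)); nxt.append(d)
        frontier, n = nxt, n + 1
    return None

# Constructed sample redexes (left) with their contracta (right).
x, y, z, NIL = ('var', 'x'), ('var', 'y'), ('var', 'z'), ('nil',)
APP = ('cmd', x, ('cons', y, NIL))               # the command x(y :: [])
EPS = (('brace', ('cmd', z, NIL)), z)            # ε: {z[]} -> z
PI = (('cmd', ('brace', APP), NIL), APP)         # π: {x(y::[])}[] -> x((y::[])@[])
MU = (('sel', 'x', APP), ('cons', y, NIL))       # μ: (x)x(y::[]) -> y::[]

def compare(redex, contractum):
    """(CPS identifies both sides?, garbage decrements separating them under CGPS)."""
    k, g = V('k'), V('g')
    same = canon(cps(redex, k)) == canon(cps(contractum, k))
    return same, decrement_distance(cgps(redex, g, k), cgps(contractum, g, k))

if __name__ == '__main__':
    for name, pair in (('epsilon', EPS), ('pi', PI), ('mu', MU)):
        print(name, compare(*pair))
```

In each of the three cases the CPS images are α-equal, while the CGPS image of the redex reaches that of the contractum by at least one decrement step.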

Corollary 4.5. The typable terms of $\lambda J^{mse}$ are strongly normalising.

Recalling our discussion in Section 2, we already could have inferred strong normalisation
of $\lambda J^{mse}$ from that of $\overline{\lambda}\mu\tilde{\mu}$, which has been shown directly by Polonovski [33] using
reducibility candidates and before by Lengrand's [23] embedding into a calculus by Urban
that also has been proven strongly normalizing by the candidate method. Our proof is just
by a syntactic transformation to simply-typed $\lambda$-calculus.

Since each of m, s and e preserves typability and strictly simulates reduction (Proposition 3.1),
it follows from Corollary 4.5 that:

Corollary 4.6. The typable terms of $\lambda J^{ms}$, $\lambda J^{m}$ and $\lambda J$ are strongly normalising.
4.3. CGPS translations for subsystems. We define CGPS translations for $\lambda J^{ms}$, $\lambda J^{m}$
and $\lambda J$. The translation of types is unchanged. In each translation, we just show the clauses
that are new.

(1) For $\lambda J^{ms}$:

$(tl : G, K) = (tl; s(G), K)$

$((x)V : G, K) = \lambda x.(V : G, K)$ ($V$ a value)
$((x)tl : G, K) = \lambda x.(tl; G, K)$

$(t(x)v; G, K) = ((x)v : G, K)\,\overline{t}$
$(t(u :: l); G, K) = (t : G, \lambda m.m\,(l : G, K)\,\overline{u})$

(2) For $\lambda J^{m}$: there is no auxiliary operator $(tl; G, K)$.

$(t(u, l) : G, K) = (t : s(G), \lambda m.m\,(l : s(G), K)\,\overline{u})$
$((x)t(u, l) : G, K) = \lambda x.(t : G, \lambda m.m\,(l : G, K)\,\overline{u})$

(3) Finally for $\lambda J$:

$(t(u, x.V) : G, K) = (t : s(G), \lambda m.m(\lambda x.(V : s(G), K))\overline{u})$ ($V$ a value)

$(t(u, x.v) : G, K) = (t : s(G), \lambda m.m(\lambda x.(v : G, K))\overline{u})$ ($v$ an application)

In the case of $\lambda J^{ms}$, the distinction between $(tl : G, K)$ and $(tl; G, K)$ is consistent with the
distinction, in $\lambda J^{mse}$, between $(\{c\} : G, K)$ and $(c : G, K)$.

These translations are coherent with the CGPS translation for $\lambda J^{mse}$:

Proposition 4.7. Let $C \in \{\lambda J^{ms}, \lambda J^{m}, \lambda J\}$. Let $f_C$ be the embedding of $C$ in the immediate
extension of $C$ in the spectrum of Fig. \^ and let $g_C$ be the embedding of $C$ in $\lambda J^{mse}$. Then,
for all $t \in C$, $\overline{t} = \overline{f_C(t)}$. Hence, for all $t \in C$, $\overline{t} = \overline{g_C(t)}$.

Proof. For $\lambda J^{ms}$, let $P(t) := \forall G, K\,((t : G, K) = (e(t) : G, K))$, for every $t \in \lambda J^{ms}$. Then,
one proves

(i) $P(t)$; and

(ii) $(l : G, K) = (e(l) : G, K)$ and $\forall t \in \lambda J^{ms}\,(P(t) \implies (e(t)e(l) : G, K) = (tl; G, K))$
by simultaneous induction on $t$ and $l$.

For $\lambda J^{m}$, one proves $(t : G, K) = (s(t) : G, K)$ and $(l : G, K) = (s(l) : G, K)$ by
simultaneous induction on $t$ and $l$.

For $\lambda J$, one proves $(t : G, K) = (m(t) : G, K)$ by induction on $t$. □

Therefore, since each of m, s and e, as well as the CGPS translation of $\lambda J^{mse}$, preserves
typability, so does each CGPS translation of the subsystems.

Theorem 4.8 (Simulation). Let $C \in \{\lambda J^{ms}, \lambda J^{m}, \lambda J\}$. If $t \to u$ in $C$, then $\overline{t} \to^{+}_{\beta} \overline{u}$ in the
$\lambda$-calculus.

Proof. By Propositions 3.1 and 4.7 and Theorem 4.3. □



We take the opportunity to correct a mistake in the CGPS translations for the subsystems of $\lambda J^{mse}$
given in [12]. The mistake was that some clauses in the definition of those translations lacked a needed
case analysis. We repair the mistake now, using in this footnote the notations $(T : G, K)$ and $\overline{t}$ with their
meanings in [12]. For $\lambda J^{ms}$: $((x)v : G, K) = \lambda x.(v : G', K)$, where $G'$ is either $s(G)$, if $v$ is a value; or $G$,
otherwise. For $\lambda J^{m}$, it should be understood that the clause for $((x)v : G, K)$ just given is inherited. For
$\lambda J$: $(t(u, x.v) : G, K) = (t : s(G), \lambda m.m\,(\lambda x.(v : G', K))\,\overline{u})$, where $G'$ is $s(G)$, if $v$ is a value; or $G$, otherwise.

Since the various CGPS translations preserve typability, Corollary 4.6 follows also from
the previous theorem (and strong normalisation of the simply-typed $\lambda$-calculus).

The CGPS translations defined above for the subsystems of $\lambda J^{mse}$, being consistent with
the CGPS translation of $\lambda J^{mse}$, have the advantage of inheriting the simulation theorem,
and the disadvantage of not being optimized for the particular system on which they are
defined. In fact, such translations can be optimized by omitting garbage increments $s(G)$
in one or more of their clauses. We give one example of this phenomenon.

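Theorem 4.9 (Simulation). Let $\overline{t}$ and $(t : G, K)$ be given for $t \in \lambda J$ by:

$\overline{t} = \lambda gk.(t : g, k)$

$(x : G, K) = xGK$

$(\lambda x.t : G, K) = [K(\lambda wx.w\overline{t}); G]$

$(t(u, x.v) : G, K) = (t : s(G), \lambda m.m(\lambda x.(v : G, K))\overline{u})$

If $t \to u$ in $\lambda J$, then $\overline{t} \to^{+}_{\beta} \overline{u}$ in the $\lambda$-calculus.

Proof. Similar to, but simpler than that of Theorem 4.3. □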



4.4. C(G)PS translations with less double negations. Our definition of $(A \supset B)^{*}$
produces a type logically equivalent to $\overline{A} \supset \neg\neg\overline{B}$, which has an extra double negation
of $\overline{B}$ when compared with traditional CPS's. One may wonder what happens if one sets
$(A \supset B)^{*} = \overline{A} \supset \overline{B}$. There is no problem in defining a CPS translation based on that,
but we would even lose weak simulation in the form of Proposition 4.1. Let us take the
simplified type translation, whose new clauses are:

$(\lambda x.t : K) = K(\lambda x.\overline{t})$
$(u :: l : K) = \lambda w.w(\lambda m.(l : K)(m\overline{u}))$
$(t(u :: l) : K) = (t : \lambda m.(l : K)(m\overline{u}))$

This translation obeys the typing rules of Figure 11 but already $\beta$ steps at the root do
not obey Proposition 4.1.

$((\lambda x.t)(u :: []) : K) = (\lambda m.(\lambda w.wK)(m\overline{u}))(\lambda x.\overline{t})$
$\quad \to^{+}_{\beta} (\lambda x.\overline{t})\overline{u}K$
$\quad =_{\beta} (\lambda x.\overline{t}K)\overline{u}$
$\quad \to_{\beta} (\lambda x.(t : K))\overline{u}$
$\quad = (u(x)t[] : K)$

The problem is that there is no reduction step from $(\lambda x.\overline{t})\overline{u}K$ to $(\lambda x.\overline{t}K)\overline{u}$ in $\lambda$-calculus.
Similar remarks apply to the subsystem $\lambda J^{ms}$.

The failed simulation just illustrated would not have occurred, had the $\beta$ rule been
defined with implicit substitution:

$(\lambda x.\overline{t})\overline{u}K \to_{\beta} ([\overline{u}/x]\overline{t})K = [\overline{u}/x](\overline{t}K) \to_{\beta} [\overline{u}/x](t : K) \to^{*}_{\beta} ([u/x]t : K) = (\{[u/x]t\}[] : K)$

This is consistent with another fact: weak simulation, through the simpler CPS, is recovered
as soon as one moves down in the spectrum to $\lambda J^{m}$ or $\lambda J$ (systems where $\beta$-reduction
employs implicit substitution). For these systems, the combination of garbage passing with
the simpler CPS delivers strict simulation. The theorem below exemplifies the situation
with $\lambda J$ (to be compared with Theorem |

Theorem 4.10 (Simulation). For a type $A$, let $\overline{A} = \top \supset \neg\neg A^{*}$, $X^{*} = X$ and $(A \supset B)^{*} =
\overline{A} \supset \overline{B}$ and for $t \in \lambda J$, let $\overline{t} = \lambda gk.(t : g, k)$ and $(t : G, K)$ be defined as

$\overline{t} = \lambda gk.(t : g, k)$

$(x : G, K) = xGK$

$(\lambda x.t : G, K) = [K(\lambda x.\overline{t}); G]$

$(t(u, x.v) : G, K) = (t : s(G), \lambda m.(\lambda x.(v : G, K))(m\overline{u}))$

(1) If $\Gamma \vdash_{\lambda J} t : A$ then $\overline{\Gamma} \vdash_{\lambda} \overline{t} : \overline{A}$.

(2) If $t \to u$ in $\lambda J$, then $\overline{t} \to^{+}_{\beta} \overline{u}$ in the $\lambda$-calculus.

Proof. The proof of (1) is based on the fact that the first rule of Figure 13 is still admissible.
Property (2) follows along the lines of Theorems 4.9 and 4.3, requiring some properties
analogous to those in Lemma 4.2. We illustrate below the base case for $\beta$ (problematic for
$\lambda J^{mse}$ and $\lambda J^{ms}$, as explained above):

$((\lambda x.t)(u, y.v) : G, K) = (\lambda x.t : s(G), \lambda m.(\lambda y.(v : G, K))(m\overline{u}))$
$\quad = [(\lambda m.(\lambda y.(v : G, K))(m\overline{u}))(\lambda x.\overline{t}); s(G)]$
$\quad \to^{4}_{\beta} [[\overline{u}/x]\overline{t}/y](v : G, K)$
$\quad \to^{*}_{\beta} [\overline{[u/x]t}/y](v : G, K)$
$\quad \to^{*}_{\beta} ([[u/x]t/y]v : G, K)$

□ 

Note that this translation of types, variables and $\lambda$-abstractions coincides with that
of [20]. Evidently, the case of generalized application is new since it was not considered
there. Only here is the need for a garbage increment.

Finally, let us observe that the extra double negation in $(A \supset B)^{*}$ has to be integrated
as $\neg\overline{B} \supset \neg\overline{A}$, and not as $\overline{A} \supset \neg\neg\overline{B}$. Had the latter alternative been adopted, and again,
already for CPS, we would lose weak simulation. The CPS would then be defined by:

$(\lambda x.t : K) = K(\lambda xw.w\overline{t})$
$(u :: l : K) = \lambda w.w(\lambda m.m\overline{u}(l : K))$
$(t(u :: l) : K) = (t : \lambda m.m\overline{u}(l : K))$

With these definitions, one calculates:

$((\lambda x.t)(u :: []) : K) = (\lambda m.m\overline{u}(\lambda w.wK))(\lambda xw.w\overline{t})$
$\quad \to_{\beta} (\lambda xw.w\overline{t})\overline{u}(\lambda w.wK)$
$\quad =_{\beta} (\lambda x.(\lambda w.w\overline{t})(\lambda w.wK))\overline{u}$
$\quad \to^{+}_{\beta} (\lambda x.(t : K))\overline{u}$
$\quad = (u(x)t[] : K)$

Again, the undirected $=_{\beta}$-step cannot be dispensed with by reduction steps in $\lambda$-calculus.
5. Higher-Order Systems

In this section, we extend the CGPS translation to, and obtain strong normalisation
for, the extensions of $\lambda J^{mse}$ described in the following table:

| intuitionistic logic | sequent calculus | natural deduction system |
|---|---|---|
| propositional | $\lambda J^{mse}$ | $\lambda$ |
| second-order propositional | $\lambda 2J^{mse}$ | $\lambda 2$ |
| higher-order propositional | | $\lambda\omega$ |
| higher-order predicate | | $\lambda H$ |



Such extensions constitute several systems of intuitionistic logic formulated as sequent calculi,
and have a corresponding natural deduction system. The latter are formulated as
domain-free type theories [3], and all but one belong to the domain-free cube. The only
exception is $\lambda H$, which is a domain-free formulation of Geuvers' treatment of higher-order
intuitionistic logic [14].

Each CGPS translation goes from a sequent calculus to the corresponding natural
deduction system, where the latter is expected to satisfy strong normalisation. This is the
case for the systems in the domain-free cube [3]. As to it is well known that it is a
pure type system [T3] which, in addition, has a functional specification [3]. Now op.cit.
shows that in such cases, strong normalisation of the domain-full system implies the same
property for the domain-free one. Therefore, we infer from the strong normalisation of
Geuvers' system that of $\lambda H$.

The formulation of the systems of higher order (unlike those at second order) requires
the introduction of an upper level of domains of quantification and their inhabitants. In
order to avoid that these technicalities blur the simplicity by which the properties of the
CGPS extend beyond the (zero-th order) propositional case, we decided to develop first
the second-order case with the simplest formulation, even at the price of a little amount of
redundancy.

5.1. Second Order. All the results of the previous sections readily extend to the second
order, which is one of the important advantages of double-negation translations w.r.t.
Gödel's negative translation (employed for first-order $\lambda\mu$-calculus by Parigot [31]). In order
to give an idea of how to proceed, we will sketch how to equip $\lambda J^{mse}$ by a second-order
universal quantifier (yielding system $\lambda 2J^{mse}$) and how to extend the CGPS translation of
$\lambda J^{mse}$ into simply-typed $\lambda$-calculus to a translation of $\lambda 2J^{mse}$ into a "domain-free" version
$\lambda 2$ [3] of second-order $\lambda$-calculus a.k.a. system F [15].

5.1.1. System $\lambda 2$. To recall, system F corresponds to second-order propositional logic and
consequently also has the types of the form $\forall X.A$. Therefore, also on the type level, we
need to allow silent renaming of bound variables. Just as it is done in [20], we stay with the
Curry-style typing of our previous systems but nevertheless add $\Lambda X.t$ and $tA$ to the term
syntax for $\lambda$, for universal introduction and universal elimination, respectively. These two
constructions normally belong to the typing discipline à la Church, but in addition to $\lambda$,
they give (a variant of) system $\lambda 2$ of The new typing rules are:



rhAXt :VXA rhtB:[B/X]A 
with denoting type substitution, where RIntro2 is under the proviso that $X$ is not
free in any type in $\Gamma$. The new reduction rule is $\beta 2$:

$(\Lambda X.t)B \to [B/X]t$

with $[B/X]t$ type substitution in term $t$. It is shown in [3] that strong normalisation of
typable terms is inherited from the same property for system F, that has been established
by Tait's refinement [37] of Girard's weak normalisation proof [15].



5.1.2. System $\lambda 2J^{mse}$. For $\lambda 2J^{mse}$, we also extend the term syntax by $\Lambda X.t$ and extend
the co-term syntax by $A :: l$ that count among the evaluation contexts. The cases $u :: l$
and $A :: l$ can be uniformly seen as $U :: l$, where $U$ now stands for a term or type. Type
substitution $[B/X]T$ for $T$ a term/co-term/command can be defined in the obvious way.
$\lambda 2J^{mse}$ extends $\lambda J^{mse}$ also by the rule RIntro2 above and by

$\dfrac{\Gamma \mid l : [B/X]A \vdash C}{\Gamma \mid B :: l : \forall X.A \vdash C}$

The notion $l@l'$ is redefined with $u$ replaced by $U$ (and stays associative), and the admissible
typing rules for substitution, weakening and @ carry over from $\lambda J^{mse}$, as well as the obvious
typing rules for type substitution. The only new reduction rule is

($\beta 2$) $(\Lambda X.t)(B :: l) \to ([B/X]t)l$

So, term substitution is dealt with in an explicit way in $\lambda 2J^{mse}$, but type substitution is
still left implicit. This gap would be annoying for dependently-typed systems, see [24] for
a proposal that solves this problem.

The one-step reduction relation takes into account the new syntactic constructions, and
subject reduction follows.



5.1.3. CGPS translation. The CGPS-translation of $\lambda J^{mse}$ into $\lambda$ is now extended to a CGPS 
of $\lambda 2J^{mse}$ into $\lambda 2$. Unlike the case of implication, no further double negation w.r.t. [20] 
has to be added, since our sequent calculi do not provide an explicit type substitution; we 
set 

\[ (\forall X.A)^* = \forall X.\overline{A} . \]

Evidently, $([B/X]A)^* = [B^*/X]A^*$, hence (but to be proven simultaneously) $\overline{[B/X]A} = [B^*/X]\overline{A}$. 
We extend the definition of $(T : G, K)$ for $\lambda J^{mse}$ with $G, K$ terms of $\lambda 2$, by 

\[
\begin{array}{rcl}
(\Lambda X.t : G, K) & = & [K(\Lambda X.\overline{t}); G] \\
(t(B :: l) : G, K) & = & (t : G, \lambda m.(l : G, K)(mB^*)) \\
(B :: l : G, K) & = & \lambda w.wG(\lambda m.(l : G, K)(mB^*))
\end{array}
\]

The clause for $\Lambda X.t$ is taken from [20]. This extended translation obeys the same typing 
as for $\lambda J^{mse}$ (now always w.r.t. $\lambda 2$), hence satisfies type soundness. 
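
The type-soundness claim can be checked by hand for the two clauses that mention $B :: l$. The derivation below is an added worked example, not part of the original article. It assumes $\overline{A} = \top \supset \neg\neg A^*$ and the admissible typing of the colon operation that the article states for this translation: if $\Gamma \mid l : A \vdash C$, $G : \top$ and $K : \neg C^*$, then $(l : G, K) : \neg\overline{A}$; if $t : A$, $G : \top$ and $K : \neg A^*$, then $(t : G, K) : \bot$.

\[
\begin{array}{rcll}
(l : G, K) & : & \neg\,\overline{[B/X]A} & \text{(co-term typing, from } \Gamma \mid l : [B/X]A \vdash C \text{)} \\
m & : & (\forall X.A)^* = \forall X.\overline{A} & \text{(bound variable of the continuation)} \\
mB^* & : & [B^*/X]\overline{A} = \overline{[B/X]A} & \text{(universal elimination, then the substitution equation)} \\
(l : G, K)(mB^*) & : & \bot & \\
\lambda m.(l : G, K)(mB^*) & : & \neg(\forall X.A)^* & \\
w & : & \overline{\forall X.A} = \top \supset \neg\neg(\forall X.A)^* & \\
wG & : & \neg\neg(\forall X.A)^* & \text{(since } G : \top \text{)} \\
wG(\lambda m.(l : G, K)(mB^*)) & : & \bot & \\
\lambda w.wG(\lambda m.(l : G, K)(mB^*)) & : & \neg\,\overline{\forall X.A} &
\end{array}
\]

So $(B :: l : G, K)$ has type $\neg\,\overline{\forall X.A}$, which is what the co-term typing asks of a co-term with $\Gamma \mid B :: l : \forall X.A \vdash C$. The fifth line also shows that $\lambda m.(l : G, K)(mB^*)$ is a continuation of type $\neg(\forall X.A)^*$, so for $t : \forall X.A$ the command clause gives $(t(B :: l) : G, K) = (t : G, \lambda m.(l : G, K)(mB^*)) : \bot$.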

Lemma 5.1. The CGPS translation of $\lambda 2J^{mse}$ into $\lambda 2$ satisfies the following: 

(1) to (7) as in Lemma 

(8) $[B^*/X](T : G, K) = ([B/X]T : [B^*/X]G, [B^*/X]K)$ and $[B^*/X]\overline{t} = \overline{[B/X]t}$. 

(9) $[B/X](T : G, K) = (T : [B/X]G, [B/X]K)$ for $X$ not free in $T$. 

(10) (a) $(tl : s(G), \lambda m.(l' : G, K)(mB^*)) \to^+ (t(l@(B :: l')) : G, K)$ 

(b) $(l : s(G), \lambda m.(l' : G, K)(mB^*)) \to^+ (l@(B :: l') : G, K)$ 

Now we prove the following theorem just as before Theorem 4.3. 

Theorem 5.2 (Simulation). If $t \to u$ in $\lambda 2J^{mse}$, then $\overline{t} \to^+ \overline{u}$ in $\lambda 2$. 

Proof. We show the new base cases. 

Case $\beta 2$: $(\Lambda X.t)(B :: l) \to ([B/X]t)l$. 

\[
\begin{array}{rll}
 & ((\Lambda X.t)(B :: l) : G, K) & \\
= & (\Lambda X.t : G, \lambda m.(l : G, K)(mB^*)) & \\
= & [(\lambda m.(l : G, K)(mB^*))(\Lambda X.\overline{t}); G] & \\
\to^+ & (l : G, K)[B^*/X]\overline{t} & \\
= & (l : G, K)\overline{[B/X]t} & \text{(Lemma 5.1(8))} \\
\to^* & (([B/X]t)l : G, K) & \text{(LemmaEHS.)}
\end{array}
\]

Case $\pi$: Sub-case $E = B :: l'$. 

\[
\begin{array}{rll}
(\{tl\}(B :: l') : G, K) & = (tl : s(G), \lambda m.(l' : G, K)(mB^*)) & \\
 & \to^+ (t(l@(B :: l')) : G, K) & \text{(Lemma 5.1(10))} \quad \Box
\end{array}
\]

Corollary 5.3. The typable terms of $\lambda 2J^{mse}$ are strongly normalising. 

A technically more involved CGPS for the Church-style version of $\lambda 2J^{mse}$ into Church- 
style system F can be given along the lines of [26], where the colon translation has to be 
made relative to a context $\Gamma$. 



5.2. $F^\omega$ and Higher-Order Logic. In the second order systems, one assumes that $X$ in 
the quantification $\forall X.A$ ranges over the domain PROP of all propositions (or types). In 
this subsection we study systems allowing the formation of other domains of quantification, 
usually denoted $\mathcal{D}, \mathcal{E}$. Quantification now has the form $\forall X : \mathcal{D}.A$, but, at the proof-term 
level, abstraction $\Lambda X.t$ remains domain-free. 

In the following we formulate intuitionistic higher-order predicate logic, both in the nat- 
ural deduction format $\lambda H$, and the sequent calculus format $\lambda HJ^{mse}$. A minor restriction in 
each of these systems gives two formulations ($\lambda\omega$ and $\lambda\omega J^{mse}$, respectively) of intuitionistic 
higher-order propositional logic, or system $F^\omega$. 



5.2.1. Domains of quantification. Domains (of quantification) are given by: 

\[ \mathcal{D}, \mathcal{E} ::= \mathrm{PROP} \mid X \mid \mathcal{D} \to \mathcal{D} \]

$X$ ranges over a set of domain variables. These play the role of "sorts" in multi-sorted 
first-order logic. The set of domains is very much like Church's structure of simple types, 
except that, besides PROP (the type of propositions), Church only admitted one other 
base type $\iota$ of individuals. 

Next come the propositional, or type, or individual, function(al)s: 

\[ A, B, C ::= X \mid \lambda X.A \mid AB \mid A \supset B \mid \forall X : \mathcal{D}.A \]

These are the inhabitants of domains. $X$ ranges over a set, whose elements may be seen 
as type variables, or propositional variables, or individual variables, etc. In the last case 
a meta-variable like $x$ would be more expressive. Also, one may employ meta-variables $\varphi$ 
and $\psi$ instead of $A$, if one wants to emphasize that the inhabitant is a proposition, or $t$ if 
one wants to emphasize that the inhabitant lives in some domain of individuals $X$. $\lambda X.A$ 
and $AB$ are the generic, and usual, mechanism for building inhabitants at all levels of the 
domain structure. 

Figure 14: Domain assignment rules for higher-order logic 

\[ \frac{(X : \mathcal{D}) \in \Delta}{\Delta \vdash X : \mathcal{D}} \]

\[ \frac{\Delta, X : \mathcal{D} \vdash A : \mathcal{E}}{\Delta \vdash \lambda X.A : \mathcal{D} \to \mathcal{E}} \qquad \frac{\Delta \vdash A : \mathcal{D} \to \mathcal{E} \quad \Delta \vdash B : \mathcal{D}}{\Delta \vdash AB : \mathcal{E}} \]

\[ \frac{\Delta \vdash A : \mathrm{PROP} \quad \Delta \vdash B : \mathrm{PROP}}{\Delta \vdash A \supset B : \mathrm{PROP}} \qquad \frac{\Delta, X : \mathcal{D} \vdash A : \mathrm{PROP}}{\Delta \vdash \forall X : \mathcal{D}.A : \mathrm{PROP}} \]

The relationship between domains and their inhabitants is governed by domain assign- 
ment rules. Let $\Delta$ range over consistent sets of declarations $X : \mathcal{D}$. Such rules derive 
sequents of the form $\Delta \vdash A : \mathcal{D}$, as described in Figure 14. Besides the ordinary rules of the 
simply-typed $\lambda$-calculus, one has two formation rules. If $\Delta \vdash A : \mathrm{PROP}$, then we say that 
$A$ is a $\Delta$-proposition, or just proposition. Alternative terminology is "formula" or "type". 

Finally, the inhabitants of domains may reduce according to the following reduction 
rule: 

\[ (\beta_0) \quad (\lambda X.A)B \to [B/X]A . \]

The given definition of domains, their inhabitants, and the derivable sequents $\Delta \vdash A : \mathcal{D}$ 
remains fixed for the rest of this subsection (that is, in all the systems $\lambda\omega$, $\lambda H$, $\lambda\omega J^{mse}$, 
and $\lambda HJ^{mse}$), except for one thing: in $\lambda\omega$ and $\lambda\omega J^{mse}$, domain variables $X$ are not allowed. 

5.2.2. Systems $\lambda\omega$ and $\lambda H$. We now define the natural deduction system $\lambda H$ and its minor 
variant $\lambda\omega$. Specifically, we define proof expressions and their "typing" rules, that is, the 
rules governing what expressions inhabit what propositions. At this level, the systems $\lambda\omega$ 
and $\lambda H$ are indistinguishable; indeed, the single difference is the one already pointed out 
at the domains level. 

In addition, at this level, also $\lambda H$ and $\lambda 2$ would be indistinguishable, provided that 
(i) we had defined $\lambda 2$ with a trivial domain level $\mathcal{D} = \mathrm{PROP}$, and with formal "domain 
assignment rules" generating the types/propositions; (ii) we wrote $\forall X : \mathcal{D}.A$ and not just 
$\forall X.A$; (iii) sequents $\Gamma \vdash t : A$ carried an outer set $\Delta$ declaring necessary variables $X$ with 
domain PROP. So, what follows may be used as a recapitulation of $\lambda 2$. 

In $\lambda H$ one has the following proof terms: 

\[ t, u, v ::= x \mid \lambda x.t \mid tu \mid \Lambda X.t \mid tA \]

Proof terms are assigned to propositions through proposition assignment rules, which 
generate sequents of the form $\Delta;\Gamma \vdash t : A$ according to the rules of Figure 15. Here 
$\Gamma$ is a consistent set of declarations $x : A$; in addition we expect $\Delta \vdash \Gamma : \mathrm{PROP}$ and 



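Notation: different forms of abstraction are denoted by variants of the symbol $\lambda$, but application is 
always denoted by juxtaposition. 

Figure 15: Proposition assignment rules of $\lambda H$ 

\[ \frac{\Delta \vdash \Gamma : \mathrm{PROP} \quad (x : A) \in \Gamma}{\Delta;\Gamma \vdash x : A}\ Ax \]

\[ \frac{\Delta;\Gamma \vdash t : A \supset B \quad \Delta;\Gamma \vdash u : A}{\Delta;\Gamma \vdash tu : B} \qquad \frac{\Delta;\Gamma, x : A \vdash t : B}{\Delta;\Gamma \vdash \lambda x.t : A \supset B} \]

\[ \frac{\Delta;\Gamma \vdash t : \forall X : \mathcal{D}.A \quad \Delta \vdash B : \mathcal{D}}{\Delta;\Gamma \vdash tB : [B/X]A} \qquad \frac{\Delta, X : \mathcal{D};\Gamma \vdash t : A}{\Delta;\Gamma \vdash \Lambda X.t : \forall X : \mathcal{D}.A} \]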

A; r h t : ^ Ah B : PROP A B 
A-Thf.B 



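$\Delta \vdash A : \mathrm{PROP}$, whenever $\Delta;\Gamma \vdash t : A$ is generated. The notation $\Delta \vdash \Gamma : \mathrm{PROP}$ means 
$(x : A) \in \Gamma \Rightarrow \Delta \vdash A : \mathrm{PROP}$. Proof terms reduce according to these two reduction rules: 

\[
\begin{array}{lrcl}
 & (\lambda x.t)u & \to & [u/x]t \\
(\beta 2) & (\Lambda X.t)B & \to & [B/X]t
\end{array}
\]

Proof terms are capable of $\beta_0$-reduction, via the closure rule $B \to B' \Rightarrow tB \to tB'$. 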

5.2.3. Systems $\lambda\omega J^{mse}$ and $\lambda HJ^{mse}$. We now define the sequent calculi $\lambda HJ^{mse}$ and its 
minor variant $\lambda\omega J^{mse}$. Again, at the level of proof expressions and their "typing" rules, 
the systems $\lambda\omega J^{mse}$ and $\lambda HJ^{mse}$ are indistinguishable; indeed, the single difference is the 
one already pointed out at the domains level. 

In addition, at this level, also $\lambda HJ^{mse}$ and $\lambda 2J^{mse}$ would be indistinguishable, under 
the same provisos as before for the indistinguishability of $\lambda H$ and $\lambda 2$. Hence, also the 
following definition is mostly a recapitulation of $\lambda 2J^{mse}$. 

In $\lambda HJ^{mse}$ one has the following proof expressions: 

\[
\begin{array}{lrcl}
\text{(Proof terms)} & t, u, v & ::= & x \mid \lambda x.t \mid \Lambda X.t \mid \{c\} \\
\text{(Proof co-terms)} & l & ::= & [] \mid u :: l \mid B :: l \mid (x)c \\
\text{(Proof commands)} & c & ::= & tl
\end{array}
\]

Proposition assignment rules generate sequents of the forms $\Delta;\Gamma \vdash t : A$, and $\Delta;\Gamma \mid l : B \vdash A$, 
and $\Delta;\Gamma$ $B$. In these sequents we expect $\Delta \vdash \Gamma : \mathrm{PROP}$, $\Delta \vdash A : \mathrm{PROP}$, and 
$\Delta \vdash B : \mathrm{PROP}$. The rules are shown in Figure 16. 

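The rules for the reduction of proof expressions are: 

\[
\begin{array}{lrcl}
 & (\lambda x.t)(u :: l) & \to & u((x)tl) \\
 & (\Lambda X.t)(B :: l) & \to & ([B/X]t)l \\
(\pi) & \{tl\}E & \to & t(l@E) \\
 & t(x)c & \to & [t/x]c \\
 & (x)xl & \to & l, \text{ if } x \notin l \\
 & \{t[]\} & \to & t
\end{array}
\]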
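Figure 16: Proposition assignment rules of $\lambda HJ^{mse}$ 

\[ \frac{\Delta \vdash \Gamma : \mathrm{PROP} \quad \Delta \vdash A : \mathrm{PROP}}{\Delta;\Gamma \mid [] : A \vdash A} \qquad \frac{\Delta \vdash \Gamma : \mathrm{PROP} \quad (x : A) \in \Gamma}{\Delta;\Gamma \vdash x : A} \]

\[ \frac{\Delta;\Gamma \vdash u : A \quad \Delta;\Gamma \mid l : B \vdash C}{\Delta;\Gamma \mid u :: l : A \supset B \vdash C} \qquad \frac{\Delta;\Gamma, x : A \vdash t : B}{\Delta;\Gamma \vdash \lambda x.t : A \supset B} \]

\[ \frac{\Delta \vdash B : \mathcal{D} \quad \Delta;\Gamma \mid l : [B/X]A \vdash C}{\Delta;\Gamma \mid B :: l : \forall X : \mathcal{D}.A \vdash C} \qquad \frac{\Delta, X : \mathcal{D};\Gamma \vdash t : A}{\Delta;\Gamma \vdash \Lambda X.t : \forall X : \mathcal{D}.A} \]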

A;T,x : A ^ B A;V A 

A-T\{x)c: Ah B ^^^^ A;Th{c}:A ^"^^^ 

A;Tht:A A;T\l:AhB 



AS ^ B 



Cut 



A;rht: A Ah B : PROP A B 
A;rht:i? 



Proof expressions are capable of $\beta_0$-reduction, via the closure rule $B \to B' \Rightarrow B :: l \to B' :: l$. 

5.2.4. CGPS translations. We will see that, when the CGPS translation is extended to 
$\lambda\omega J^{mse}$ and $\lambda HJ^{mse}$, its properties (type soundness and the simulation theorem) remain 
valid and are proved almost verbatim relative to the second-order case. Here is an ex- 
planation. The proofs of the properties of the CGPS translation have two components. 
The first component is a proof that the CGPS translation behaves well relative to domain 
inhabitants/assignment. This comprises (i) domain soundness (Lemma 5.4 below); (ii) com- 
mutation with substitution of type variables $X$; (iii) simulation of $\beta_0$ (Lemma 5.5). This 
component depends on the domain inhabitants/assignment and inhabitants reduction ($\beta_0$) 
of the system where the translation is defined. Very little variation exists between $\lambda 2J^{mse}$, 
$\lambda\omega J^{mse}$, and $\lambda HJ^{mse}$ regarding these aspects, the only singularity being that there is no $\beta_0$ 
at second order. The second component is the proper proofs of type soundness and strict 
simulation, which are all the same for $\lambda 2J^{mse}$, $\lambda\omega J^{mse}$, and $\lambda HJ^{mse}$, except for one induc- 
tive case of the strict simulation theorem, absent in $\lambda 2J^{mse}$, and relative to $\beta_0$ reduction at 
proof-expression level. 

We define a CGPS translation from $\lambda HJ^{mse}$ to $\lambda H$. It can be seen as a CGPS transla- 
tion from $\lambda\omega J^{mse}$ to $\lambda\omega$ as well, and generalises only slightly the previous CGPS translation 
from $\lambda 2J^{mse}$ to $\lambda 2$, by providing translations for $\lambda X.A$ and $AB$. 

Domains remain fixed, but their inhabitants are translated as in Figure 17. Recall that 
the relation of domain assignment of $\lambda HJ^{mse}$ is the same as that of $\lambda H$. Such relation is 
intended in the following result. 
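Figure 17: Translation of propositional/individual function(al)s 

\[
\begin{array}{rcl}
X^* & = & X \\
(A \supset B)^* & = & \neg\overline{B} \supset \neg\overline{A} \\
(\forall X : \mathcal{D}.A)^* & = & \forall X : \mathcal{D}.\overline{A} \\
(\lambda X.A)^* & = & \lambda X.A^* \\
(AB)^* & = & A^*B^* \\
 & & \\
\overline{A} & = & \top \supset \neg\neg A^*
\end{array}
\]

Lemma 5.4 (Domain soundness). The following holds: 

\[ \frac{\Delta \vdash A : \mathcal{D}}{\Delta \vdash A^* : \mathcal{D}} \qquad \frac{\Delta \vdash A : \mathrm{PROP}}{\Delta \vdash \overline{A} : \mathrm{PROP}} \]

Proof. By simultaneous induction on $A$. □ 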



Recall also that the relation of domain assignment of $\lambda\omega J^{mse}$ is the same as that of $\lambda\omega$. 
If this latter relation is intended, the previous result also holds, with the same proof. The 
previous lemma generalises the fact that, at second order, if $A$ is a proposition (type), then 
so are $A^*$ and $\overline{A}$. 

The same grammar generates the sets of proof expressions of $\lambda HJ^{mse}$, $\lambda\omega J^{mse}$, and 
$\lambda 2J^{mse}$; another single grammar generates the sets of proof expressions of $\lambda H$, $\lambda\omega$, and 
$\lambda 2$. These two grammars are already known from the second-order systems, so the CGPS 
translation at the level of proof expressions is known and we do not repeat it. 

The equations $([B/X]A)^* = [B^*/X]A^*$ and $\overline{[B/X]A} = [B^*/X]\overline{A}$ still hold, and are 
proved by the same simultaneous induction, supplemented with the straightforward new 
cases $\lambda X.A$ and $AB$. 

Lemma 5.5. If $A \to B$ in $\lambda HJ^{mse}$ (resp. $\lambda\omega J^{mse}$), then $A^* \to B^*$ and $\overline{A} \to \overline{B}$ in 
$\lambda H$ (resp. $\lambda\omega$). 

Proof. Straightforward induction on $A \to B$. The base case follows from $([B/X]A)^* = 
[B^*/X]A^*$. The inductive cases are routine. □ 

Then one obtains the admissible typing rules of Figure 18. This is the same typing 
obeyed by the CGPS translation from $\lambda 2J^{mse}$ to $\lambda 2$, provided, as remarked before, $\lambda 2J^{mse}$ 
and $\lambda 2$ are defined with a formal level of domains, etc. 

Lemma 5.6. The CGPS translations of $\lambda HJ^{mse}$ into $\lambda H$, and of $\lambda\omega J^{mse}$ into $\lambda\omega$, satisfy 
the items (1) to (10) of Lemma 5.1. 

Theorem 5.7 (Simulation). If $t \to u$ in $\lambda HJ^{mse}$ (resp. $\lambda\omega J^{mse}$), then $\overline{t} \to^+ \overline{u}$ in $\lambda H$ 
(resp. $\lambda\omega$). 

Proof. The same proof as in the second-order case applies. There is only one new inductive 
case, to prove $(B :: l : G, K) \to^+ (B' :: l : G, K)$, when $B \to B'$, a case which is an 
immediate consequence of Lemma 5.5 and the definition of the CGPS translation. □ 
Figure 18: Admissible proposition assignment rules for CGPS translation of $\lambda HJ^{mse}$ 

A;Tht: A 
A;Tht:A 

A;Tht:A A;r,rhG:T A;T,T' h K : ^A* 
A;r,r' h {t:G,K): ± 

A;T\l:AhB A;r,r'hG:T A;T,r' h K : ^B* 
A;T,r h{l:G,K): -^A 

A;T A A; r, r h G : T A;T,r h K : ^A* 
A;T,r' h{c:G,K):± 

Corollary 5.8. The typable terms of $\lambda HJ^{mse}$ and $\lambda\omega J^{mse}$ are strongly normalising. 

6. Further remarks 

Contributions. This article provides reduction-preserving CGPS translations of $\lambda J^{mse}$ 
and other intuitionistic calculi, hence obtaining embeddings into the simply-typed $\lambda$-calcu- 
lus and proving strong normalisation. As a by-product, the connections between systems 
like $\lambda J$ and $\lambda J^m$ and the intuitionistic fragment of $\overline{\lambda}\mu\tilde{\mu}$ are detailed, and confluence for them 
obtained. It is shown that all the results smoothly extend to systems with quantification 
over propositions and even functionals over propositions and (many-sorted) individuals. In 
all cases, the sequent-calculus format is embedded into the natural-deduction style. 

C(G)PS and strong normalisation. In the literature one finds strong normalisation 
proofs for sequent calculi [3 [H [231 1211 IMl EH], but not by means of CPS translations; or 
CPS translations for natural deduction systems [U EJ (U [171 EOl 130] . 

This article provides, in particular, a reduction-preserving CGPS translation for the 
lambda-calculus with generalised applications $\lambda J$. [30] covers full propositional classical 
logic with general elimination rules and its intuitionistic implicational fragment corresponds 
to $\lambda J$. However, [30] does not prove a strict simulation by CPS (permutative conversions 
are collapsed), so an auxiliary argument in the style of de Groote [6], involving a proof in 
isolation of SN for permutative conversions, is used. 

In Curien and Herbelin's work [5] [18] one finds a CPS translation (_)" of the call-by- 
name restriction of $\overline{\lambda}\mu\tilde{\mu}$. We compare (_)" with our (_). (i) (_)" generalises Hofmann- 
Streicher translation [19]; (_) generalises Plotkin's call-by-name CPS translation [32]. (ii) 
(_)" does not employ the colon operator; (_) does employ (we suspect that doing admin- 
istrative reductions at compile time is necessary to achieve strict simulation of reduction); 
(iii) (_)" is defined for expressions where every occurrence of $u :: l$ is of the particular form 
u E; no such restriction is imposed in the definition of (_). (iv) at some points it is unclear 
what the properties of (_)" are, but no proof of strong normalisation is claimed; the CGPS 
(_) strictly simulates reduction and thus achieves a proof of strong normalisation. 
Higher-order sequent calculi. Our formulations of system and higher-order logic 
in the sequent calculus format were helpful for showing the wide applicability of the CGPS 
technique. Nevertheless, they are another experience in the formulation of type theories 
as sequent calculi [24]. We adopted the guideline that only proof-expression could suffer 
a change in the proof-theoretical format, but other, more "uniform", possibilities exist, 
where also the domain assignment relation is changed to the sequent calculus format. An 
improvement, in view of proof-search, is to restrict the conversion rule of the typing system 
to an expansion rule [36]. Finally, in $\lambda HJ^{mse}$, $\lambda\omega J^{mse}$, and $\lambda 2J^{mse}$ we re-encounter explicit 
substitutions in higher-order type theories [HHH], but with a simpler treatment (no explicit 
execution) and in a simpler setting (no dependent types). 

Future work. We plan to extend the technique of continuation-and-garbage passing 
to $\overline{\lambda}\mu\tilde{\mu}$ and to dependently-typed systems. We tried to extend the CGPS to CBN $\overline{\lambda}\mu\tilde{\mu}$, but 
already for a CPS translation, we do not see how to profit from the continuation argument 
for the translation of co-terms and commands. Moreover, a special case of the rule we call $\pi$ 
corresponds to the renaming rule $a(\mu b.M) \to [a/b]M$ of $\lambda\mu$-calculus. This rule is evidently 
not respected by the CGPS translation by Ikeda and Nakazawa [20] (nor by the CPS they 
recall) since the continuation argument $K$ is omitted in the interpretation of the left-hand 
side but not in the right-hand side. So, new ideas or new restrictions will be needed. 